There's a clear distinction between sin() and sprite_save() functions. Who would use that function in a math calculation?
My previous post was a little unclear on this point, but I meant to say that my point wasn't really valid in the context of mathematical expressions, since, as you say, no one would want to use those functions. However, at this point, I see several ways that a person with malicious intent could wreak havoc on a game through your script. I'll allow that they probably couldn't do anything outside of the game, but they could definitely ruin the game itself*.
Also, menmoth, the writing functions are blacklisted.
Just do tell me which you think are not (with real examples).
Am I missing something? In this script, which you provided a link to in one of your previous posts, I see nothing that would prevent one from accessing data structures (read or write), and I don't see anything that would prevent the use of the variable_* functions either. I'd say that both of these are issues, because oftentimes, during saving or things like that, the contents of data structures and variables are written directly to files*.
Also, I like your spelling of my name.
*Since this is an online game, the security requirements are more stringent than usual. No one cares if someone messes up a one player game, but in an online game, it might be an issue.
Wouldn't it be faster and easier to scan the code/expression against the blacklist rather than parsing the code?
As I said, it is not possible to provide safe, limited write access (which might be necessary) to data structures or other resources using 'compile' time checking.
@mnementh: Well I wrote an "overloaded" function/script for all write-functions (for datastructures).
How in the world did you do that? I'm very curious, because some of those functions have functionality that can't be imitated in GML.
Also this seems to beg for gm to properly support overloading of functions. (I wish this was done a long time ago: it allows for much cleaner looking code).
I don't think it's applicable here. How is GM supposed to know when you want your version of the function called, and when to call the normal one? Generally, overloading requires each version of the function to have different parameters, which isn't very conducive to dynamic typing (that's the reason that Python also has no function overloading).
Edited by Mnementh, 24 May 2009 - 09:28 PM.
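Added example, not part of the original post or of the script under discussion: a Python sketch comparing a substring blacklist scan with an allowlist check over tokens, for the case raised above where data-structure and variable_* functions are not on the blacklist. The blacklist, the allowlist and the sample expressions are constructed for illustration; the check vets identifiers only and does not validate expression syntax.

```python
import re

# Constructed lists for illustration; the thread's real blacklist is not shown.
BLACKLIST = {"sprite_save", "file_text_write_string", "file_delete"}
ALLOWED_FUNCS = {"sin", "cos", "tan", "sqrt", "abs", "min", "max"}
ALLOWED_NAMES = {"x", "pi"}

# number | identifier | operator or punctuation of a math expression
TOKEN = re.compile(r"\s*(?:(\d+\.?\d*|\.\d+)|([A-Za-z_]\w*)|([-+*/(),]))")

def blacklist_scan(expr):
    """Accept unless a blacklisted name appears anywhere in the text."""
    return not any(name in expr for name in BLACKLIST)

def allowlist_check(expr):
    """Accept only numbers, operators and identifiers that are known."""
    expr, pos, tokens = expr.rstrip(), 0, []
    while pos < len(expr):
        m = TOKEN.match(expr, pos)
        if m is None:
            return False  # character outside the math grammar, e.g. a quote
        tokens.append(m)
        pos = m.end()
    if not tokens:
        return False
    for i, m in enumerate(tokens):
        ident = m.group(2)
        if ident is None:
            continue
        # An identifier followed by "(" is a call, otherwise a variable.
        is_call = i + 1 < len(tokens) and tokens[i + 1].group(3) == "("
        if ident not in (ALLOWED_FUNCS if is_call else ALLOWED_NAMES):
            return False
    return True

# Constructed sample expressions.
SAMPLES = [
    "sin(x) * 2 + sqrt(abs(x))",
    "ds_list_add(0, 1)",
    'variable_global_set("hp", 0)',
    'sprite_save(0, 0, "a.png")',
]

def compare():
    """Map each sample to (passes blacklist scan, passes allowlist check)."""
    return {e: (blacklist_scan(e), allowlist_check(e)) for e in SAMPLES}

if __name__ == "__main__":
    for expr, result in compare().items():
        print(result, expr)
```

Neither check addresses limited write access at run time; both only decide whether an expression is accepted before it is executed.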