Mercurial > hg > early-roguelike

diff arogue5/save.c @ 66:c56f672244f4

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
arogue5: close security holes. Prevent whoami (player name), file_name, and score_file from being changed if the systemwide save location is being used.
author elwin
date Sat, 11 Aug 2012 16:27:20 +0000
parents a98834ce7e04
children c49f7927b0fa
line wrap: on
line diff
--- a/arogue5/save.c	Fri Aug 10 21:17:14 2012 +0000
+++ b/arogue5/save.c	Sat Aug 11 16:27:20 2012 +0000
@@ -41,7 +41,10 @@
     mpos = 0;
     if (file_name[0] != '\0')
     {
-	msg("Save file (%s)? ", file_name);
+        if (use_savedir)
+	    msg("Save game? ");
+        else
+	    msg("Save file (%s)? ", file_name);
 	do
 	{
 	    c = readchar();
@@ -53,6 +56,10 @@
 	    msg("File name: %s", file_name);
 	    goto gotfile;
 	}
+        if (use_savedir) {
+            msg("");
+	    return FALSE;
+        }
     }
 
     do
@@ -69,7 +76,11 @@
 	strcpy(file_name, buf);
 gotfile:
 	if ((savef = fopen(file_name, "w")) == NULL)
+        {
 	    msg(strerror(errno));	/* fake perror() */
+            if (use_savedir)
+	        return FALSE;
+        }
     } while (savef == NULL);
 
     /*