Interim windows build fix

[flightgear.git] / src / Main / util.cxx

diff --git a/src/Main/util.cxx b/src/Main/util.cxx
index 286396784476a8c36eb860459b8dfd14b0c5ee93..6bc4ddb50f36093591778d1ee750c91bb7a56167 100644 (file)
--- a/src/Main/util.cxx
+++ b/src/Main/util.cxx
@@ -75,10 +75,10 @@ fgGetLowPass (double current, double target, double timeratio)
 static string_list read_allowed_paths;
 static string_list write_allowed_paths;
 
-// Allowed paths here are absolute, and may contain _one_ *,
-// which matches any string
-// FG_SCENERY is deliberately not allowed, as it would make
-// /sim/terrasync/scenery-dir a security hole
+/**
+ * Allowed paths here are absolute, and may contain _one_ *,
+ * which matches any string
+ */
 void fgInitAllowedPaths()
 {
     if(SGPath("ygjmyfvhhnvdoesnotexist").realpath() == "ygjmyfvhhnvdoesnotexist"){
@@ -102,16 +102,25 @@ void fgInitAllowedPaths()
     read_allowed_paths.push_back(fg_root + sep + "*");
     read_allowed_paths.push_back(fg_home + sep + "*");
     string_list const aircraft_paths = globals->get_aircraft_paths();
-    for( string_list::const_iterator it = aircraft_paths.begin();
-                                     it != aircraft_paths.end();
-                                   ++it )
+    string_list const scenery_paths = globals->get_secure_fg_scenery();
+    // not plain fg_scenery, to avoid making
+    // /sim/terrasync/scenery-dir a security hole
+
+    for( string_list::const_iterator it = aircraft_paths.begin();;++it )
     {
+      if (it == aircraft_paths.end()) {
+        it = scenery_paths.begin();
+      }
+      if (it == scenery_paths.end()) {
+        break; // here rather than in the loop condition because
+               // scenery_paths may be empty
+      }
       // if we get the initialization order wrong, better to have an
       // obvious error than a can-read-everything security hole...
         if (it->empty() || fg_root.empty() || fg_home.empty()){
             flightgear::fatalMessageBox("Nasal initialization error",
-                                    "Empty string in FG_ROOT, FG_HOME or FG_AIRCRAFT",
-                                    "or fgInitAllowedPaths() called too early");
+               "Empty string in FG_ROOT, FG_HOME, FG_AIRCRAFT or FG_SCENERY",
+                                 "or fgInitAllowedPaths() called too early");
             exit(-1);
         }
         read_allowed_paths.push_back(SGPath(*it).realpath() + sep + "*");
@@ -142,10 +151,13 @@ void fgInitAllowedPaths()
     }
 }
 
-// Check whether Nasal is allowed to access a path
-// Warning: because this always (not just on Windows) converts \ to /,
-// and accepts relative paths (check-to-use race if the current directory
-// changes), always use the returned path not the original one
+/**
+ * Check whether Nasal is allowed to access a path
+ * Warning: because this always (not just on Windows) treats both \ and /
+ * as path separators, and accepts relative paths (check-to-use race if
+ * the current directory changes),
+ * always use the returned path not the original one
+ */
 std::string fgValidatePath (const std::string& path, bool write)
 {
     // Normalize the path (prevents ../../.. or symlink trickery)