Package: Holo-Surveilance
I just read a different review, and only just then discovered that it was releteive to the block not asbolute.
Plus it uses minetest.deserialize without filters allowing a server Compromise.
I am not sure what that means, could you please explain?
I put it on a sloping hill and it says it is flat.
You probably just set the coordinates wrong, they are relative to the block, I hope that helps.
This is incorrect, it only ever passes user input to deserialize and so it is safe
An option to highlight the scanned area has been added, I hope this helps you.
i do not understand. You can control the user-input.
Also RisingLeaf, typing in non-numbers into the input box allows crashing the server.
the only place that the meta is set is here, and it always serializes: https://github.com/RisingLeaf/holosurveilance/blob/main/init.lua#L74
Minetest version 5.3 and below have a vulnerability that allows setting item stack keys, but this is an engine issue and has been fixed for a long time.
I just read a different review, and only just then discovered that it was releteive to the block not asbolute.
I am not sure what that means, could you please explain?
You probably just set the coordinates wrong, they are relative to the block, I hope that helps.
This is incorrect, it only ever passes user input to deserialize and so it is safe
An option to highlight the scanned area has been added, I hope this helps you.
i do not understand. You can control the user-input.
Also RisingLeaf, typing in non-numbers into the input box allows crashing the server.
the only place that the meta is set is here, and it always serializes: https://github.com/RisingLeaf/holosurveilance/blob/main/init.lua#L74
Minetest version 5.3 and below have a vulnerability that allows setting item stack keys, but this is an engine issue and has been fixed for a long time.