mirror of
https://github.com/CHOMPStation2/CHOMPStation2.git
synced 2025-12-11 18:53:06 +00:00
ae38fb3c48
We do not use python or nodejs scripts. Our discord bot makes HTTP requests. Therefore we can entirely disable this code. Even if we ever want to start using these procs for discord integration, we would pipe it through our HTTP discord proxy, not use shell(). With all instances of shell() disabled, we can't be attacked by it.
11 lines
352 B
Plaintext
11 lines
352 B
Plaintext
/proc/ext_python(var/script, var/args, var/scriptsprefix = 1)
|
|
return // VOREStation Edit - Can't exploit shell if we never call shell!
|
|
if(scriptsprefix) script = "scripts/" + script
|
|
|
|
if(world.system_type == MS_WINDOWS)
|
|
script = replacetext(script, "/", "\\")
|
|
|
|
var/command = config.python_path + " " + script + " " + args
|
|
|
|
return shell(command)
|