diff options
| author | RĂ©mi Verschelde <rverschelde@gmail.com> | 2019-04-01 17:00:40 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2019-04-01 17:00:40 +0200 |
| commit | e3bd84fa571661d76fc8458d65bb053988e934a6 (patch) | |
| tree | cbf6ead84d9e62d331f5399e6407f9e6777425a3 /doc/classes/StreamPeer.xml | |
| parent | e91844e8dca5d03eabd33e867fdbceb18db60cff (diff) | |
| parent | 393e62b98a5a37ccdd7d860571e2f8cc7b970fe4 (diff) | |
Merge pull request #27485 from Faless/io/encode_decode_safety_pr
Safer encode/decode variant.
Diffstat (limited to 'doc/classes/StreamPeer.xml')
| -rw-r--r-- | doc/classes/StreamPeer.xml | 9 |
1 files changed, 7 insertions, 2 deletions
diff --git a/doc/classes/StreamPeer.xml b/doc/classes/StreamPeer.xml index 2cbb6a94fb..02f5cbeecd 100644 --- a/doc/classes/StreamPeer.xml +++ b/doc/classes/StreamPeer.xml @@ -127,8 +127,11 @@ <method name="get_var"> <return type="Variant"> </return> + <argument index="0" name="allow_objects" type="bool" default="false"> + </argument> <description> - Get a Variant from the stream. + Get a Variant from the stream. When [code]allow_objects[/code] is [code]true[/code] decoding objects is allowed. + [b]WARNING:[/b] Deserialized object can contain code which gets executed. Do not use this option if the serialized object comes from untrusted sources to avoid potential security threats (remote code execution). </description> </method> <method name="put_16"> @@ -262,8 +265,10 @@ </return> <argument index="0" name="value" type="Variant"> </argument> + <argument index="1" name="full_objects" type="bool" default="false"> + </argument> <description> - Put a Variant into the stream. + Put a Variant into the stream. When [code]full_objects[/code] is [code]true[/code] encoding objects is allowed (and can potentially include code). </description> </method> </methods> |