summaryrefslogtreecommitdiff
path: root/doc
diff options
context:
space:
mode:
Diffstat (limited to 'doc')
-rw-r--r--doc/classes/@GDScript.xml9
-rw-r--r--doc/classes/File.xml9
-rw-r--r--doc/classes/Marshalls.xml9
-rw-r--r--doc/classes/MultiplayerAPI.xml4
-rw-r--r--doc/classes/PacketPeer.xml12
-rw-r--r--doc/classes/StreamPeer.xml9
6 files changed, 42 insertions, 10 deletions
diff --git a/doc/classes/@GDScript.xml b/doc/classes/@GDScript.xml
index 2392c528e3..df52f8503a 100644
--- a/doc/classes/@GDScript.xml
+++ b/doc/classes/@GDScript.xml
@@ -136,8 +136,11 @@
</return>
<argument index="0" name="bytes" type="PoolByteArray">
</argument>
+ <argument index="1" name="allow_objects" type="bool" default="false">
+ </argument>
<description>
- Decodes a byte array back to a value.
+ Decodes a byte array back to a value. When [code]allow_objects[/code] is [code]true[/code] decoding objects is allowed.
+ [b]WARNING:[/b] Deserialized object can contain code which gets executed. Do not use this option if the serialized object comes from untrusted sources to avoid potential security threats (remote code execution).
</description>
</method>
<method name="cartesian2polar">
@@ -1112,8 +1115,10 @@
</return>
<argument index="0" name="var" type="Variant">
</argument>
+ <argument index="1" name="full_objects" type="bool" default="false">
+ </argument>
<description>
- Encodes a variable value to a byte array.
+ Encodes a variable value to a byte array. When [code]full_objects[/code] is [code]true[/code] encoding objects is allowed (and can potentially include code).
</description>
</method>
<method name="var2str">
diff --git a/doc/classes/File.xml b/doc/classes/File.xml
index df0a01a85e..533a6d6399 100644
--- a/doc/classes/File.xml
+++ b/doc/classes/File.xml
@@ -204,8 +204,11 @@
<method name="get_var" qualifiers="const">
<return type="Variant">
</return>
+ <argument index="0" name="allow_objects" type="bool" default="false">
+ </argument>
<description>
- Returns the next [Variant] value from the file.
+ Returns the next [Variant] value from the file. When [code]allow_objects[/code] is [code]true[/code] decoding objects is allowed.
+ [b]WARNING:[/b] Deserialized object can contain code which gets executed. Do not use this option if the serialized object comes from untrusted sources to avoid potential security threats (remote code execution).
</description>
</method>
<method name="is_open" qualifiers="const">
@@ -398,8 +401,10 @@
</return>
<argument index="0" name="value" type="Variant">
</argument>
+ <argument index="1" name="full_objects" type="bool" default="false">
+ </argument>
<description>
- Stores any Variant value in the file.
+ Stores any Variant value in the file. When [code]full_objects[/code] is [code]true[/code] encoding objects is allowed (and can potentially include code).
</description>
</method>
</methods>
diff --git a/doc/classes/Marshalls.xml b/doc/classes/Marshalls.xml
index 67608c1f44..9210d0b0f5 100644
--- a/doc/classes/Marshalls.xml
+++ b/doc/classes/Marshalls.xml
@@ -34,8 +34,11 @@
</return>
<argument index="0" name="base64_str" type="String">
</argument>
+ <argument index="1" name="allow_objects" type="bool" default="false">
+ </argument>
<description>
- Return [Variant] of a given base64 encoded String.
+ Return [Variant] of a given base64 encoded String. When [code]allow_objects[/code] is [code]true[/code] decoding objects is allowed.
+ [b]WARNING:[/b] Deserialized object can contain code which gets executed. Do not use this option if the serialized object comes from untrusted sources to avoid potential security threats (remote code execution).
</description>
</method>
<method name="raw_to_base64">
@@ -61,8 +64,10 @@
</return>
<argument index="0" name="variant" type="Variant">
</argument>
+ <argument index="1" name="full_objects" type="bool" default="false">
+ </argument>
<description>
- Return base64 encoded String of a given [Variant].
+ Return base64 encoded String of a given [Variant]. When [code]full_objects[/code] is [code]true[/code] encoding objects is allowed (and can potentially include code).
</description>
</method>
</methods>
diff --git a/doc/classes/MultiplayerAPI.xml b/doc/classes/MultiplayerAPI.xml
index fdfc8a230d..4e7f6c5b17 100644
--- a/doc/classes/MultiplayerAPI.xml
+++ b/doc/classes/MultiplayerAPI.xml
@@ -89,6 +89,10 @@
</method>
</methods>
<members>
+ <member name="allow_object_decoding" type="bool" setter="set_allow_object_decoding" getter="is_object_decoding_allowed">
+ If [code]true[/code] (or if the [member network_peer] [member PacketPeer.allow_object_decoding] the MultiplayerAPI will allow encoding and decoding of object during RPCs/RSETs.
+ [b]WARNING:[/b] Deserialized object can contain code which gets executed. Do not use this option if the serialized object comes from untrusted sources to avoid potential security threats (remote code execution).
+ </member>
<member name="network_peer" type="NetworkedMultiplayerPeer" setter="set_network_peer" getter="get_network_peer">
The peer object to handle the RPC system (effectively enabling networking when set). Depending on the peer itself, the MultiplayerAPI will become a network server (check with [method is_network_server]) and will set root node's network mode to master (see NETWORK_MODE_* constants in [Node]), or it will become a regular peer with root node set to puppet. All child nodes are set to inherit the network mode by default. Handling of networking-related events (connection, disconnection, new clients) is done by connecting to MultiplayerAPI's signals.
</member>
diff --git a/doc/classes/PacketPeer.xml b/doc/classes/PacketPeer.xml
index 1b2a6b96fe..3cc7ed1f84 100644
--- a/doc/classes/PacketPeer.xml
+++ b/doc/classes/PacketPeer.xml
@@ -35,8 +35,11 @@
<method name="get_var">
<return type="Variant">
</return>
+ <argument index="0" name="allow_objects" type="bool" default="false">
+ </argument>
<description>
- Get a Variant.
+ Get a Variant. When [code]allow_objects[/code] (or [member allow_object_decoding]) is [code]true[/code] decoding objects is allowed.
+ [b]WARNING:[/b] Deserialized object can contain code which gets executed. Do not use this option if the serialized object comes from untrusted sources to avoid potential security threats (remote code execution).
</description>
</method>
<method name="put_packet">
@@ -53,13 +56,18 @@
</return>
<argument index="0" name="var" type="Variant">
</argument>
+ <argument index="1" name="full_objects" type="bool" default="false">
+ </argument>
<description>
- Send a Variant as a packet.
+ Send a Variant as a packet. When [code]full_objects[/code] (or [member allow_object_decoding]) is [code]true[/code] encoding objects is allowed (and can potentially include code).
</description>
</method>
</methods>
<members>
<member name="allow_object_decoding" type="bool" setter="set_allow_object_decoding" getter="is_object_decoding_allowed">
+ Deprecated. Use [code]get_var[/code] and [code]put_var[/code] parameters instead.
+ If [code]true[/code] the PacketPeer will allow encoding and decoding of object via [method get_var] and [method put_var].
+ [b]WARNING:[/b] Deserialized object can contain code which gets executed. Do not use this option if the serialized object comes from untrusted sources to avoid potential security threats (remote code execution).
</member>
</members>
<constants>
diff --git a/doc/classes/StreamPeer.xml b/doc/classes/StreamPeer.xml
index 2cbb6a94fb..02f5cbeecd 100644
--- a/doc/classes/StreamPeer.xml
+++ b/doc/classes/StreamPeer.xml
@@ -127,8 +127,11 @@
<method name="get_var">
<return type="Variant">
</return>
+ <argument index="0" name="allow_objects" type="bool" default="false">
+ </argument>
<description>
- Get a Variant from the stream.
+ Get a Variant from the stream. When [code]allow_objects[/code] is [code]true[/code] decoding objects is allowed.
+ [b]WARNING:[/b] Deserialized object can contain code which gets executed. Do not use this option if the serialized object comes from untrusted sources to avoid potential security threats (remote code execution).
</description>
</method>
<method name="put_16">
@@ -262,8 +265,10 @@
</return>
<argument index="0" name="value" type="Variant">
</argument>
+ <argument index="1" name="full_objects" type="bool" default="false">
+ </argument>
<description>
- Put a Variant into the stream.
+ Put a Variant into the stream. When [code]full_objects[/code] is [code]true[/code] encoding objects is allowed (and can potentially include code).
</description>
</method>
</methods>
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-01 14:42:28 +0000