From a0acc63c7d0171f1b45bebf9d74744515f9217c7 Mon Sep 17 00:00:00 2001 From: daurnimator Date: Mon, 29 May 2017 17:18:58 +1000 Subject: Don't pass user input as format to luaL_error --- src/loslib.js | 6 +++--- src/lstrlib.js | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) (limited to 'src') diff --git a/src/loslib.js b/src/loslib.js index 976ab92..baaee74 100644 --- a/src/loslib.js +++ b/src/loslib.js @@ -44,14 +44,14 @@ const getfield = function(L, key, d, delta) { let res = lua.lua_tointegerx(L, -1); if (res === false) { /* field is not an integer? */ if (t !== lua.LUA_TNIL) /* some other value? */ - return lauxlib.luaL_error(L, lua.to_luastring(`field '${key}' is not an integer`), true); + return lauxlib.luaL_error(L, lua.to_luastring("field '%s' is not an integer"), key); else if (d < 0) /* absent field; no default? */ - return lauxlib.luaL_error(L, lua.to_luastring(`field '${key}' missing in date table`), true); + return lauxlib.luaL_error(L, lua.to_luastring("field '%s' missing in date table"), key); res = d; } else { if (!(-L_MAXDATEFIELD <= res && res <= L_MAXDATEFIELD)) - return lauxlib.luaL_error(L, lua.to_luastring(`field '${key}' is out-of-bound`), true); + return lauxlib.luaL_error(L, lua.to_luastring("field '%s' is out-of-bound"), key); res -= delta; } lua.lua_pop(L, 1); diff --git a/src/lstrlib.js b/src/lstrlib.js index 41c48ef..56817a0 100644 --- a/src/lstrlib.js +++ b/src/lstrlib.js @@ -1107,7 +1107,7 @@ const push_onecapture = function(ms, i, s, e) { if (i === 0) lua.lua_pushlstring(ms.L, ms.src.slice(s), e - s); /* add whole match */ else - lauxlib.luaL_error(ms.L, lua.to_luastring(`invalid capture index %${i + 1}`)); + lauxlib.luaL_error(ms.L, lua.to_luastring("invalid capture index %%%d"), i + 1); } else { let l = ms.capture[i].len; if (l === CAP_UNFINISHED) lauxlib.luaL_error(ms.L, lua.to_luastring("unfinished capture", true)); -- cgit v1.2.3-70-g09d2