|
|
| [ < ] | [ > ] | [ << ] | [ Up ] | [ >> ] | [Top] | [Contents] | [Index] | [ ? ] |
The problem, as indicated in chapter 2.2.9 earlier, is that mappings and
arrays aren't copied every time they are moved around. Instead only a
reference is passed. This is the basis for a lot of security blunders
in the code. Consider this example where the object is a guild object
that handles the membership of a guild. The global string Council
which is saved elsewhere using save_object() contains the list
of guild members.
string *Council;
public string
query_council()
{
return Council;
}
|
This looks all right, but... in fact you return the pointer to the original array. If someone else wants to add a member to your guild council he only has to do this:
void
my_fix()
{
string *stolen_council;
stolen_council = YOUR_GUILD_OB->query_council();
stolen_council += ({ "olorin" }); // Add Olorin to the council
}
|
How to fix this then? Well, simply modify your query_council()
routine to return Council + ({}) instead, and all is well.
Easy to miss, but... sooooo important!