The problem, as indicated in chapter 2.2.9 earlier, is that mappings and arrays aren't copied every time they are moved around. Instead only a reference is passed. This is the basis for a lot of security blunders in the code. Consider this example where the object is a guild object that handles the membership of a guild. The global string array Council, which is saved elsewhere using save_object(), contains the list of guild members.

    string *Council;

    public string *
    query_council()
    {
        return Council;    // hands out the array itself, not a copy
    }

This looks all right, but... in fact you return the pointer to the original array. If someone else wants to add a member to your guild council he only has to do this:

    void
    my_fix()
    {
        string *stolen_council;

        stolen_council = YOUR_GUILD_OB->query_council();
        stolen_council += ({ "olorin" });    // Add Olorin to the council
    }

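How to fix this then? Well, simply modify your query_council() routine to return Council + ({}) instead, and all is well. Adding the empty array builds a new array, so the caller gets a copy rather than a reference to your original.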
Easy to miss, but... sooooo important!
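
The same fix applied to a whole object, as an added example that is not code from the manual. It goes one step beyond the array case above to arrays stored inside a mapping. The Titles mapping and query_titles() are hypothetical names, and it assumes a driver that provides pointerp() and allows initialisers on global variables.

```lpc
// Added example: hypothetical guild object, not code from the manual.
// Assumes pointerp() and global initialisers are available in your driver.

string *Council = ({ });   // council members, persisted with save_object()
mapping Titles = ([ ]);    // constructed: member name -> array of titles

// Array accessor: "+ ({ })" builds a new array, so the caller cannot
// reach the one stored in Council.
public string *
query_council()
{
    return Council + ({ });
}

// Nested data: the value stored under each key is itself an array, and
// an array stored in a mapping is shared by reference just like Council.
// Returning Titles[name] directly would hand out that inner array, so
// copy the array that actually leaves the object.
public string *
query_titles(string name)
{
    string *titles;

    titles = Titles[name];
    if (!pointerp(titles))
        return ({ });          // unknown member: fresh empty array
    return titles + ({ });
}
```

The copy made by "+ ({ })" is shallow: if the elements of the array are themselves arrays or mappings, each of those needs the same treatment before it is returned.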