Skip to content

Commit

Permalink
Document internal usage of encode/decode_variant
Browse files Browse the repository at this point in the history
  • Loading branch information
RedMser committed Jan 17, 2023
1 parent f032629 commit dc70ab5
Show file tree
Hide file tree
Showing 4 changed files with 8 additions and 0 deletions.
2 changes: 2 additions & 0 deletions doc/classes/FileAccess.xml
Original file line number Diff line number Diff line change
Expand Up @@ -249,6 +249,7 @@
<param index="0" name="allow_objects" type="bool" default="false" />
<description>
Returns the next [Variant] value from the file. If [param allow_objects] is [code]true[/code], decoding objects is allowed.
Internally, this uses the same decoding mechanism as the [method @GlobalScope.bytes_to_var] method.
[b]Warning:[/b] Deserialized objects can contain code which gets executed. Do not use this option if the serialized object comes from untrusted sources to avoid potential security threats such as remote code execution.
</description>
</method>
Expand Down Expand Up @@ -447,6 +448,7 @@
<param index="1" name="full_objects" type="bool" default="false" />
<description>
Stores any Variant value in the file. If [param full_objects] is [code]true[/code], encoding objects is allowed (and can potentially include code).
Internally, this uses the same encoding mechanism as the [method @GlobalScope.var_to_bytes] method.
[b]Note:[/b] Not all properties are included. Only properties that are configured with the [constant PROPERTY_USAGE_STORAGE] flag set will be serialized. You can add a new usage flag to a property by overriding the [method Object._get_property_list] method in your class. You can also check how property usage is configured by calling [method Object._get_property_list]. See [enum PropertyUsageFlags] for the possible usage flags.
</description>
</method>
Expand Down
2 changes: 2 additions & 0 deletions doc/classes/Marshalls.xml
Original file line number Diff line number Diff line change
Expand Up @@ -29,6 +29,7 @@
<param index="1" name="allow_objects" type="bool" default="false" />
<description>
Returns a decoded [Variant] corresponding to the Base64-encoded string [param base64_str]. If [param allow_objects] is [code]true[/code], decoding objects is allowed.
Internally, this uses the same decoding mechanism as the [method @GlobalScope.bytes_to_var] method.
[b]Warning:[/b] Deserialized objects can contain code which gets executed. Do not use this option if the serialized object comes from untrusted sources to avoid potential security threats such as remote code execution.
</description>
</method>
Expand All @@ -52,6 +53,7 @@
<param index="1" name="full_objects" type="bool" default="false" />
<description>
Returns a Base64-encoded string of the [Variant] [param variant]. If [param full_objects] is [code]true[/code], encoding objects is allowed (and can potentially include code).
Internally, this uses the same encoding mechanism as the [method @GlobalScope.var_to_bytes] method.
</description>
</method>
</methods>
Expand Down
2 changes: 2 additions & 0 deletions doc/classes/PacketPeer.xml
Original file line number Diff line number Diff line change
Expand Up @@ -33,6 +33,7 @@
<param index="0" name="allow_objects" type="bool" default="false" />
<description>
Gets a Variant. If [param allow_objects] is [code]true[/code], decoding objects is allowed.
Internally, this uses the same decoding mechanism as the [method @GlobalScope.bytes_to_var] method.
[b]Warning:[/b] Deserialized objects can contain code which gets executed. Do not use this option if the serialized object comes from untrusted sources to avoid potential security threats such as remote code execution.
</description>
</method>
Expand All @@ -49,6 +50,7 @@
<param index="1" name="full_objects" type="bool" default="false" />
<description>
Sends a [Variant] as a packet. If [param full_objects] is [code]true[/code], encoding objects is allowed (and can potentially include code).
Internally, this uses the same encoding mechanism as the [method @GlobalScope.var_to_bytes] method.
</description>
</method>
</methods>
Expand Down
2 changes: 2 additions & 0 deletions doc/classes/StreamPeer.xml
Original file line number Diff line number Diff line change
Expand Up @@ -109,6 +109,7 @@
<param index="0" name="allow_objects" type="bool" default="false" />
<description>
Gets a Variant from the stream. If [param allow_objects] is [code]true[/code], decoding objects is allowed.
Internally, this uses the same decoding mechanism as the [method @GlobalScope.bytes_to_var] method.
[b]Warning:[/b] Deserialized objects can contain code which gets executed. Do not use this option if the serialized object comes from untrusted sources to avoid potential security threats such as remote code execution.
</description>
</method>
Expand Down Expand Up @@ -234,6 +235,7 @@
<param index="1" name="full_objects" type="bool" default="false" />
<description>
Puts a Variant into the stream. If [param full_objects] is [code]true[/code] encoding objects is allowed (and can potentially include code).
Internally, this uses the same encoding mechanism as the [method @GlobalScope.var_to_bytes] method.
</description>
</method>
</methods>
Expand Down

0 comments on commit dc70ab5

Please sign in to comment.