Yesterday, when playing around with my network code, I realized there is
a security issue in decode_variant, at least when decoding PoolArrays.
Basically, the size of the PoolArray is encoded in a uint32_t, when
decoding it, that value is cast to int when comparing if the packet is
actually that size causing numbers with MSB=1 to be interpreted as
negative thus always passing the check. That same value though, is used
as uint32_t again to resize the output vector. For this reason, sending
a malformed packet with declared type PoolByteArray and size of 2^31(+x)
causes the engine to try to allocate 2+GB of pool memory, causing the
engine to crash.
Same as erase, but it returns a boolean value indicating whether the pair was erased or not.
This method should be removed during the next compatibility breakage, and 'Dictionary::erase(key)' should be changed to return a boolean.
(cherry picked from commit 2f69e36cef)
_ALWAYS_INLINE_ and _FORCE_INLINE_ are now equivalent for debug and
non-debug builds. This is a lot faster for Vector in the editor and
while running tests. The reason why this difference used to exist is
because force-inlined methods used to give a bad debugging experience.
After extensive testing with modern compilers this is no longer the
case.
Before this change, missing User-Agent and Accept headers were automatically
added on all platforms. Setting the User-Agent header forces the browser to
do a CORS preflight (see 1) which fails if the HTTP endpoint is not
configured appropriate. It's not neccesary to set either header as the
browser sets them and so this commit disables that functionality on the JS
target.
1: https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS#Simple_requests
(cherry picked from commit 8a4dccc4ce)
Now generating mouse events from touch is optional (on by default) and it's performed by `InputDefault` instead of having each OS abstraction doing it. (*)
The translation algorithm waits for a touch index to be pressed and tracks it translating its events to mouse events until it is raised, while ignoring other pointers.
Furthermore, to avoid an stuck "touch mouse", since not all platforms may report touches raised when the window is unfocused, it checks if touches are still down by the time it's focused again and if so it resets the state of the emulated mouse.
*: In the case of Windows, since it already provides touch-to-mouse translation by itself, "echo" mouse events are filtered out to have it working like the rest.
On X11 a little hack has been needed to avoid a case of a spurious mouse motion event that is generated during touch interaction.
Plus: Improve/fix tracking of current mouse position.
This hasn't made it into master yet but is important for mono support.
If this turns out to be the wrong call we'll revert and merge whatever
next version of this becomes available.
When adding a directory path to the inventory of the pack, an empty file name was being added to the file list. That made `Directory.get_ntext()` signal end-of-list too early so that files in a subdirectory were missed.
Fixes#15801.
Helps with #16798.
(cherry picked from commit 536611704a)
Now the action name is quoted if it contains spaces. Also, quotation
mark (") is added to the forbidden character list for action names, as
it was also a bug.
Fix#17322
(cherry picked from commit ea94a82596)
Disallow reserved keywords as class names and prefix base class with the Godot
namespace if it's the same as the class name.
Fixes#12483
(cherry picked from commit 700d07cf7c)
Starting from April 2018 Apple no longer accepts apps that do not
support iPhone X. For games this mainly means respecting the safe area,
unobstructed by notch and virtual home button. UI controls must be
placed within the safe area so that users can interact with them.
This commit:
- Adds OS::get_window_safe_area method that returns unobscured area of
the window, where interactive controls should be rendered.
- Reorganizes how launch screens are exported - the previous way was
incorrect and modern iPhones did not pick up the correct screens and
because of that used a non-native resolution to render the game.
- Adds launch screen options for iPhone X.
- Makes launch screens optional in the export template. If not
specified, a white screen will be used.
- Adds App Store icon (1024x1024) export option as it now has to be
bundled with the app instead of being provided in iTunes Connect.
- Fixes crash when launching games in iOS Simulator. It happened because
controllerWasConnected callback came before the engine was
initialized. Now in such case the controllers will be queued up and
registered after initialization is done.
- Fixes issue with the virtual keyboard where for some reason
autocorrection panel would intersect with the keyboard itself and not
allow you to use the top row of the keyboard. This is fixed by
disabling autocorrection altogether.
Closes#17358. Fixes#17428. Fixes#17331.
(cherry picked from commit 1d9a3a9b1c)
(cherry picked from commit 1fc85b87bd)
The original commit's message said "percent-encoding" because it was fixing the same code under a different method name. That rename was reverted but the fix was and is still relevant.
The previous logic with VERSION_MKSTRING was a bit unwieldy, so there were
several places hardcoding their own variant of the version string, potentially
with bugs (e.g. forgetting the patch number when defined).
The new logic defines:
- VERSION_BRANCH, the main 'major.minor' version (e.g. 3.1)
- VERSION_NUMBER, which can be 'major.minor' or 'major.minor.patch',
depending on whether the latter is defined (e.g. 3.1.4)
- VERSION_FULL_CONFIG, which contains the version status (e.g. stable)
and the module-specific suffix (e.g. mono)
- VERSION_FULL_BUILD, same as above but with build/reference name
(e.g. official, custom_build, mageia, etc.)
Note: Slight change here, as the previous format had the build name
*before* the module-specific suffix; now it's after
- VERSION_FULL_NAME, same as before, so VERSION_FULL_BUILD prefixed
with "Godot v" for readability
Bugs fixed thanks to that:
- Export templates version matching now properly takes VERSION_PATCH
into account by relying on VERSION_FULL_CONFIG.
- ClassDB hash no longer takes the build name into account, but limits
itself to VERSION_FULL_CONFIG (build name is cosmetic, not relevant
for the API hash).
- Docs XML no longer hardcode the VERSION_STATUS, this was annoying.
- Small cleanup in Windows .rc file thanks to new macros.
(cherry picked from commit 23ebae01dc)
Regression introduced in #16825.
My logic was correct, but not the error code I was expecting.
The error reporting in FileAccess likely needs a review too.
(cherry picked from commit 57d562b394)
And use it to better report errors in the console and project manager
when a project.godot file is corrupted.
Fixes#14963.
(cherry picked from commit 7839076f95)
Found via `codespell -q 3 --skip="./thirdparty,./editor/translations" -I ../godot-word-whitelist.txt`
Whitelist consists of:
```
ang
doubleclick
lod
nd
que
te
unselect
```
(cherry picked from commit 612ab4bbc6)
Windows does not fully respect ISO 639-1 like other systems,
so we have to override its locale values for those languages.
Also added comments to document the locale provenance.
(cherry picked from commit 0c7bed45c4)
The ear clipping algorithm used to triangulate polygons has a slightly too conservative point-in-triangle test which can, in some configurations prevent it from finding a possible tessellation. Relaxing the test by considering that points exactly on edges don't belong the triangle fixes the issue. Changing the semantic of the test is safe because no other code makes use of it. A more detailed explanation can be found in issue #16395.
Fixes#16395.
(cherry picked from commit 91215e1919)
- Added bindings for multimesh, immediate, skeleton, light, reflection probe, gi probe, lightmap, particles, camera, environment, scenario, instance
- Removed draw and sync, were duplicates of force_* equivalents
- Bumped binders max arguments from 11 to 13
- Wrote some wrappers as not all methods were variant-friendly
(cherry picked from commit e415fd05bb)
Fabio Alessandrelli
Ignacio Etcheverry
Hein-Pieter van Braam
Rémi Verschelde
Pedro J. Estébanez
GagaPete
Rhody Lugo
bruvzg
Hugo Locurcio
Alexander Alekseev
Paul Joannon
Ibrahn Sahir
RaphaelHunter
Max Hilbrunner
Marcelo Fernandez
George Marques
Bojidar Marinov
Crazy-P
robfram
Andreas Haas
Ruslan Mustakov
Andrew Dunai
Nicolas Silva
Poommetee Ketson
Artem Varaksa
luz.paz
hungrymonkey
Marc Gilleron