From ffde1365a5e270c7b41339e62a4182099e0ee67f Mon Sep 17 00:00:00 2001
From: Sky Dusk <47698279+Ace-Lite@users.noreply.github.com>
Date: Sun, 22 Jun 2025 15:41:54 +0200
Subject: [PATCH] Remove format whitelist for read only Lua IO and allow more formats.
---
 src/blua/liolib.c | 40 ++++++++++++++++++++++++++++++----------
 1 file changed, 30 insertions(+), 10 deletions(-)
diff --git a/src/blua/liolib.c b/src/blua/liolib.c
index e6c294de0..c885a2eff 100644
--- a/src/blua/liolib.c
+++ b/src/blua/liolib.c
@@ -37,6 +37,15 @@
 // Allow scripters to write files of these types to SRB2's folder
 static const char *whitelist[] = {
 ".bmp",
+ ".png",
+
+ ".obj",
+
+ ".json",
+ ".yaml",
+ ".xml",
+ ".csv",
+ ".soc",
 ".cfg",
 ".csv",
 ".dat",
@@ -176,7 +185,7 @@ void MakePathDirs(char *path)
 }
-static int CheckFileName(lua_State *L, const char *filename)
+static int CheckFileName(lua_State* L, const char* filename, boolean extensioncheck)
 {
 int length = strlen(filename);
 boolean pass = false;
@@ -188,12 +197,21 @@ static int CheckFileName(lua_State *L, const char *filename)
 return pushresult(L,0,filename);
 }
- for (i = 0; i < (sizeof (whitelist) / sizeof(const char *)); i++)
- if (!stricmp(&filename[length - strlen(whitelist[i])], whitelist[i]))
- {
- pass = true;
- break;
- }
+ if (extensioncheck)
+ {
+ for (i = 0; i < (sizeof(whitelist) / sizeof(const char*)); i++)
+ if (!stricmp(&filename[length - strlen(whitelist[i])], whitelist[i]))
+ {
+ pass = true;
+ break;
+ }
+ }
+ else
+ {
+ pass = true;
+ }
+
+
+
 if (strstr(filename, "./") || strstr(filename, "..") || strchr(filename, ':') || filename[0] == '/'
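Review bot: In the `whitelist[]` hunk, `".csv"` is added although the unchanged context below it already lists `".csv"`, so the new entry is redundant and can be dropped. The array's own comment says these are the types scripters may write into SRB2's folder, so every new entry widens what a script can create on disk. `".soc"` in particular should carry a one-line justification next to it, for example `// .soc: data only, confirm nothing loads it back from this folder`; whether the game later loads such files is not visible in this patch. The array continues past the end of the hunk.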
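Review bot: The new `extensioncheck` parameter of `CheckFileName` has no comment saying which value is the restrictive one, and one call site in this patch passes a bare `false`. A line above the signature such as `// extensioncheck: true = name must end in a whitelist[] extension; false = skip only that test, the path checks below still run` would make the call sites auditable. The declarator spelling also changes from `lua_State *L` to `lua_State* L`, while the other signatures shown in this patch keep the `*` on the name. The function body continues outside this hunk.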
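Review bot: In the re-indented whitelist loop of `CheckFileName`, `&filename[length - strlen(whitelist[i])]` is formed without checking that the name is at least as long as the extension. `length` is an `int` and `strlen` returns `size_t`, so for a name shorter than the entry the subtraction wraps and `stricmp` reads outside the string; the five-character entries added in this commit (`".json"`, `".yaml"`) are compared against every short name on the write path. Guard the comparison: `size_t extlen = strlen(whitelist[i]);` followed by `if ((size_t)length >= extlen && !stricmp(&filename[length - extlen], whitelist[i]))`. The function starts before and ends after this hunk.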
@@ -214,7 +232,10 @@ static int io_openlocal (lua_State *L) {
 luafiletransfer_t *filetransfer;
 int checkresult;
- checkresult = CheckFileName(L, filename);
+ // Decision was made for normal reading (binary + text) to have no whitelist restrictions
+ boolean readcheck = (strchr(mode, 'w') != NULL) || (strchr(mode, 'a') != NULL) || (strchr(mode, '+') != NULL);
+
+ checkresult = CheckFileName(L, filename, readcheck);
 if (checkresult)
 return checkresult;
@@ -240,11 +261,10 @@ static int io_open (lua_State *L) {
 const char *mode = luaL_optstring(L, 2, "r");
 int checkresult;
- checkresult = CheckFileName(L, filename);
+ checkresult = CheckFileName(L, filename, false);
 if (checkresult)
 return checkresult;
-
 if (lua_isfunction(L,3))
 {
 luaL_checktype(L, 3, LUA_TFUNCTION);
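Review bot: In `io_openlocal`, `readcheck` is true exactly when the mode contains `w`, `a` or `+`, that is when the file is opened for writing, so the name says the opposite of what the value means; `writemode` would read correctly at the `CheckFileName` call. The test is also fail-open, because any mode string that lacks those three characters skips the extension whitelist. Skipping it only for the exact read modes is tighter: `boolean readonly = !strcmp(mode, "r") || !strcmp(mode, "rb");` and then `CheckFileName(L, filename, !readonly)`. `mode` is declared above this hunk and the function continues below it.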
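Review bot: The extension whitelist is skipped in `io_open` whatever `mode` holds, because the call passes a constant `false`, while `io_openlocal` in the previous hunk keeps the check for write modes. `mode` is read on the context line just above the call, and the rest of the function is outside this hunk. Unless that part rejects write-capable modes before any file is created, the whitelist no longer applies to writes made through this entry point. Deriving the flag from `mode`, for example `CheckFileName(L, filename, strpbrk(mode, "wa+") != NULL)`, keeps the two entry points consistent.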