Skip to content

[MODDING] Sandboxed FlxSave #6444

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Draft
wants to merge 4 commits into
base: develop
Choose a base branch
from
+40 −4
Draft

[MODDING] Sandboxed FlxSave #6444

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
959e5f6
awesome flxsave
ComedyLost Nov 20, 2025
16335cc
awesome flxsave
ComedyLost Nov 20, 2025
a7783bf
Merge branch 'sandboxed-flxsave' of https://github.com/ComedyLost/Fun…
ComedyLost Nov 21, 2025
0e64cfc
use constants instead
ComedyLost Nov 21, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
7 changes: 3 additions & 4 deletions source/funkin/modding/PolymodHandler.hx
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -256,6 +256,9 @@ class PolymodHandler
// NOTE: Scripted classes are automatically aliased to their parent class.
Polymod.addImportAlias('flixel.math.FlxPoint', flixel.math.FlxPoint.FlxBasePoint);

// flixel.util.FlxSave has a `resolveFlixelClasses` function
Polymod.addImportAlias('flixel.util.FlxSave', funkin.save.FlxSaveSandboxed);

Polymod.addImportAlias('funkin.data.event.SongEventSchema', funkin.data.event.SongEventSchema.SongEventSchemaRaw);

// `lime.utils.Assets` literally just has a private `resolveClass` function for some reason? so we replace it with our own.
Expand Down Expand Up @@ -315,10 +318,6 @@ class PolymodHandler
// Unserializer.DEFAULT_RESOLVER.resolveClass() can access blacklisted packages
Polymod.blacklistImport('haxe.Unserializer');

// `flixel.util.FlxSave`
// FlxSave.resolveFlixelClasses() can access blacklisted packages
Polymod.blacklistImport('flixel.util.FlxSave');

// Disable access to AdMob Util
Polymod.blacklistImport('funkin.mobile.util.AdMobUtil');

Expand Down
37 changes: 37 additions & 0 deletions source/funkin/save/FlxSaveSandboxed.hx
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,37 @@
package funkin.save;

import flixel.util.FlxSave;
import haxe.Exception;

/**
* Wrapper for `FlxSave`
* Prevents the use of `resolveFlixelClasses` function
* Also locks down saves to only save inside the `FunkinCrew` folder
*/
@:nullSafety
class FlxSaveSandboxed extends FlxSave
{
public function new()
{
super();
}

override public function bind(name:String, ?path:String, ?backupParser:(String, Exception)->Null<Any>):Bool
{
if (name == Constants.SAVE_NAME + Constants.BASE_SAVE_SLOT && path == null) throw 'Unable to bind to $name. Use funkin.save.Save instead.';
return super.bind(name, Constants.SAVE_PATH + (path != null ? '/$path' : ''), backupParser);
}

override public function mergeDataFrom(name:String, ?path:String, overwrite = false, eraseSave = true, minFileSize = 0):Bool
{
if (name == Constants.SAVE_NAME + Constants.BASE_SAVE_SLOT && path == null) throw 'Unable to merge from a Funkin save.';
return super.mergeDataFrom(name, Constants.SAVE_PATH + (path != null ? '/$path' : ''), overwrite, false, minFileSize);
}

@:unreflective
override public function erase():Bool
{
if (this.name == Constants.SAVE_NAME + Constants.BASE_SAVE_SLOT && this.path == Constants.SAVE_PATH) throw 'Unable to delete ${this.name}.';
return super.erase();
}
}