Replace show result with debug evaluate command The show result subcommand was quite unsafe. Even though it limited the globals for strings passed to the env() builtin, it was still possible for admins to do things like call the exec() builtin and then import other modules, or use open() to overwrite files writeable by the user under which the engine was running. Introduce a new evaluate command as a substitute and remove the show result subcommand. Use the debugging framework to limit access to evaluate so that it's only available if debug mode is enabled in the configuration at the time the daemon is started. Further limit evaluate to not have most of the normal builtins, and explicitly reject any strings containing a double-underscore (__) so that base attributes of other modules such as __builtins__ can't be called into easily, or "lambda" so that lambda functions can't be used to work around protections. Also add some selftests to make sure evaluate can still use the expressions we previously tested with show result, and that only administrators can use it, and that it's only available to them when debug mode is enabled. The evaluate command is still to be considered quite unsafe, and debug mode should only be engaged when all administrators with access to the service are trusted with the same permissions the system account running the service also possesses.
Start checking codebase with the codespell tool Use master branch tip of codespell for now, until it supports configuration in the included .codespellrc in a released version. Also correct things its default dictionary selection identified as misspellings, with the exception of intentional misspellings in the sample spelling correction config and selftest which exercises it.
Clean up function names in menu definitions Now that the functions called from menus are filtered and resolved safely rather than being directly executed, the explicit mudpy package name and the user parameter passing are no longer necessary. Remove them from the function names in menu definitions and also drop the old compatibility code which trims them.
Dereference command action functions Replace the use of Python expressions for command actions with simple names of functions relative to the mudpy package namespace. This removes an unsafe use of exec(). Also start catching all exceptions raised by the execution of a command and simply logging them rather than allowing them to crash the engine.
Always pass parameters in commands When calling a command handler, pass a parameters object regardless of whether the command actually needs one. This normalizes the interface between command actions and their corresponding handler functions so they can be called through a generic interface in the future.