[system] Repository:
ViewVC logotype

Revision 4680


Jump to revision: Previous Next
Author: sh002i
Date: Tue Nov 28 19:12:12 2006 UTC (12 years, 11 months ago)
Log Message:
SECURITY: tighter constraints on which macro files can be loaded without
restriction. Previously, any file that *contained* the strings PG.pl,
dangerousMacros.pl, or IO.pl would be loaded with an empty opmask.

This is the second attempt to close this hole. The previous attempt
assumed that | binds tighter than ^ and $, which is not true. (Noticed
by dpvc). It also failed to escape metacharacters in the file names.

Changed paths:

Path Details
Directorytrunk/pg/lib/WeBWorK/PG/Translator.pm modified , text changed

aubreyja at gmail dot com
ViewVC Help
Powered by ViewVC 1.0.9