| Log Message: |
backport (sh002i): SECURITY: tighter constraints on which macro files
can be loaded without restriction. Previously, any file that *contained*
the strings PG.pl, dangerousMacros.pl, or IO.pl would be loaded with an
empty opmask.
This is the second attempt to close this hole. The previous attempt
assumed that | binds tighter than ^ and $, which is not true. (Noticed
by dpvc). It also failed to escape metacharacters in the file names.
|
branches/rel-2-3-dev/pg/lib/WeBWorK/PG/Translator.pm