[system] Repository:
ViewVC logotype

Revision 4721

Jump to revision: Previous Next
Author: sh002i
Date: Sat Dec 9 00:18:00 2006 UTC (7 years, 4 months ago)
Log Message:
backport (sh002i): SECURITY: tighter constraints on which macro files
can be loaded without restriction. Previously, any file that *contained*
the strings PG.pl, dangerousMacros.pl, or IO.pl would be loaded with an
empty opmask.

This is the second attempt to close this hole. The previous attempt
assumed that | binds tighter than ^ and $, which is not true. (Noticed
by dpvc). It also failed to escape metacharacters in the file names.

Changed paths:

Path Details
Directorybranches/rel-2-3-dev/pg/lib/WeBWorK/PG/Translator.pm modified , text changed

aubreyja at gmail dot com
ViewVC Help
Powered by ViewVC 1.0.9