[ww-bugs] Bug 3411: Bug due to failure to follow ../parserOrientation.pl link
bugzilla-daemon at webwork.maa.org
bugzilla-daemon at webwork.maa.org
Thu Sep 3 16:10:43 EDT 2015
http://bugs.webwork.maa.org/show_bug.cgi?id=3411
--- Comment #2 from Geoff Goehle <goehle at gmail.com> 2015-09-03 16:10:43 ---
The issue at heart here is the ability for the PG system to read and print
system files, which you could do with "read_whole_file" which loadMacros uses.
I think its important that the system not do this because as more people share
servers, and since the MAA has for pay servers, its not always the case that
you trust professors on your system.
In any case, I agree that .. should be allowed. The actual safety checking is
done using the existing "path_is_subdir" routine from Utils. This method is
(according to the comments) "rudimentary" and explicitly disallows
upreferences. This is what should be improved to fix things, I think.
--
Configure bugmail: http://bugs.webwork.maa.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching all bug changes.
More information about the webwork-bugs
mailing list