summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorhobbs <hobbs>2002-02-22 19:51:29 (GMT)
committerhobbs <hobbs>2002-02-22 19:51:29 (GMT)
commit13515e3f357dbe28bc7a0d420aa4c89db2d23561 (patch)
tree69dedf5a24d87d82afd4f3238c05c64ab0b6bd3a
parent13460529f07c3b6cefa73a73c4b20677a974859e (diff)
downloadtcl-13515e3f357dbe28bc7a0d420aa4c89db2d23561.zip
tcl-13515e3f357dbe28bc7a0d420aa4c89db2d23561.tar.gz
tcl-13515e3f357dbe28bc7a0d420aa4c89db2d23561.tar.bz2
* library/safe.tcl (CheckFileName): removed the limit on
sourceable file names (was only *.tcl or tclIndex files with no more than one dot and 14 chars). There is enough internal protection in a safe interpreter already. Fixes [Tk Bug #521560].
-rw-r--r--library/safe.tcl22
1 files changed, 6 insertions, 16 deletions
diff --git a/library/safe.tcl b/library/safe.tcl
index 6d4c41b..9faeffe 100644
--- a/library/safe.tcl
+++ b/library/safe.tcl
@@ -12,7 +12,7 @@
# See the file "license.terms" for information on usage and redistribution
# of this file, and for a DISCLAIMER OF ALL WARRANTIES.
#
-# RCS: @(#) $Id: safe.tcl,v 1.7 2000/11/24 13:56:40 dkf Exp $
+# RCS: @(#) $Id: safe.tcl,v 1.8 2002/02/22 19:51:29 hobbs Exp $
#
# The implementation is based on namespaces. These naming conventions
@@ -695,24 +695,14 @@ proc ::safe::setLogCmd {args} {
}
}
-
+
# file name control (limit access to files/ressources that should be
# a valid tcl source file)
proc CheckFileName {slave file} {
- # limit what can be sourced to .tcl
- # and forbid files with more than 1 dot and
- # longer than 14 chars
- set ftail [file tail $file]
- if {[string length $ftail]>14} {
- error "$ftail: filename too long"
- }
- if {[regexp {\..*\.} $ftail]} {
- error "$ftail: more than one dot is forbidden"
- }
- if {[string compare $ftail "tclIndex"] && \
- [string compare -nocase [file extension $ftail] ".tcl"]} {
- error "$ftail: must be a *.tcl or tclIndex"
- }
+ # This used to limit what can be sourced to ".tcl" and forbid files
+ # with more than 1 dot and longer than 14 chars, but I changed that
+ # for 8.4 as a safe interp has enough internal protection already
+ # to allow sourcing anything. - hobbs
if {![file exists $file]} {
# don't tell the file path