Make [file] itself be safe, to reduce breakage in existing code. [Bug 3211758]

FossilOrigin-Name: 08c372827446954b301b25a77150d0108aaa2f4b
author: dkf <dkf@noemail.net> 2011-09-26 10:46:36 (GMT)
committer: dkf <dkf@noemail.net> 2011-09-26 10:46:36 (GMT)
commit: 023d528a20d995791934bc4ebda654e1b8773620 (patch)
tree: fefa07fe0a7c1d24f6f787f9521de1b302a1e4b3 /generic/tclCmdAH.c
parent: e369109c668fd5df537e0395e88a8719365a1a1a (diff)
download: tcl-023d528a20d995791934bc4ebda654e1b8773620.zip
tcl-023d528a20d995791934bc4ebda654e1b8773620.tar.gz
tcl-023d528a20d995791934bc4ebda654e1b8773620.tar.bz2
1 files changed, 11 insertions, 0 deletions
diff --git a/generic/tclCmdAH.c b/generic/tclCmdAH.c
index fc9d39d..d036bd6 100644
--- a/generic/tclCmdAH.c
+++ b/generic/tclCmdAH.c
@@ -1063,6 +1063,17 @@ TclMakeFileCommandSafe(
     }
     Tcl_DStringFree(&oldBuf);
     Tcl_DStringFree(&newBuf);
+
+    /*
+     * Ugh. The [file] command is now actually safe, but it is assumed by
+     * scripts that it is not, which messes up security policies. [Bug
+     * 3211758]
+     */
+
+    if (Tcl_HideCommand(interp, "file", "file") != TCL_OK) {
+	Tcl_Panic("problem making 'file' safe: %s",
+		Tcl_GetString(Tcl_GetObjResult(interp)));
+    }
     return TCL_OK;
 }
author	dkf <dkf@noemail.net>	2011-09-26 10:46:36 (GMT)
committer	dkf <dkf@noemail.net>	2011-09-26 10:46:36 (GMT)
commit	023d528a20d995791934bc4ebda654e1b8773620 (patch)
tree	fefa07fe0a7c1d24f6f787f9521de1b302a1e4b3 /generic/tclCmdAH.c
parent	e369109c668fd5df537e0395e88a8719365a1a1a (diff)
download	tcl-023d528a20d995791934bc4ebda654e1b8773620.zip tcl-023d528a20d995791934bc4ebda654e1b8773620.tar.gz tcl-023d528a20d995791934bc4ebda654e1b8773620.tar.bz2