diff options
| author | dgp@users.sourceforge.net <dgp> | 2004-08-13 21:39:24 (GMT) |
|---|---|---|
| committer | dgp@users.sourceforge.net <dgp> | 2004-08-13 21:39:24 (GMT) |
| commit | 7f6de9384d5083a80f68eb690b517a3f8b266dce (patch) | |
| tree | 40e17c45b7747508177587d20cbd2f42e572da34 /library/msgcat/msgcat.tcl | |
| parent | ca01af2954c34a411cefa641d46ebe848a87025b (diff) | |
| download | tcl-7f6de9384d5083a80f68eb690b517a3f8b266dce.zip tcl-7f6de9384d5083a80f68eb690b517a3f8b266dce.tar.gz tcl-7f6de9384d5083a80f68eb690b517a3f8b266dce.tar.bz2 | |
* library/msgcat/msgcat.tcl: Added checks to prevent [mclocale]
* tests/msgcat.test: from registering filesystem paths to possibly
malicious code to be evaluated by a later [mcload].
Diffstat (limited to 'library/msgcat/msgcat.tcl')
| -rw-r--r-- | library/msgcat/msgcat.tcl | 9 |
1 files changed, 7 insertions, 2 deletions
diff --git a/library/msgcat/msgcat.tcl b/library/msgcat/msgcat.tcl index 4db7890..a4cf23e 100644 --- a/library/msgcat/msgcat.tcl +++ b/library/msgcat/msgcat.tcl @@ -10,7 +10,7 @@ # See the file "license.terms" for information on usage and redistribution # of this file, and for a DISCLAIMER OF ALL WARRANTIES. # -# RCS: @(#) $Id: msgcat.tcl,v 1.21 2004/03/31 18:51:33 dgp Exp $ +# RCS: @(#) $Id: msgcat.tcl,v 1.22 2004/08/13 21:39:24 dgp Exp $ package require Tcl 8.5 # When the version number changes, be sure to update the pkgIndex.tcl file, @@ -229,7 +229,12 @@ proc msgcat::mclocale {args} { } if {$len == 1} { - set Locale [string tolower [lindex $args 0]] + set newLocale [lindex $args 0] + if {$newLocale ne [file tail $newLocale]} { + return -code error "invalid newLocale value \"$newLocale\":\ + could be path to unsafe code." + } + set Locale [string tolower $newLocale] set Loclist {} set word "" foreach part [split $Locale _] { |