author | dgp <dgp@users.sourceforge.net> | 2004-08-13 21:39:24 (GMT) |
---|---|---|
committer | dgp <dgp@users.sourceforge.net> | 2004-08-13 21:39:24 (GMT) |
commit | d9ab72b3082ccef8f68082f7e05484e303a27d37 (patch) | |
tree | 40e17c45b7747508177587d20cbd2f42e572da34 /library | |
parent | 610769bdb8172c2f6fa55f1cb6b0b4f7d40bc5ce (diff) | |
* library/msgcat/msgcat.tcl: Added checks to prevent [mclocale]
* tests/msgcat.test: from registering filesystem paths to possibly
malicious code to be evaluated by a later [mcload].
Diffstat (limited to 'library')
-rw-r--r-- | library/msgcat/msgcat.tcl | 9 |
1 files changed, 7 insertions, 2 deletions
diff --git a/library/msgcat/msgcat.tcl b/library/msgcat/msgcat.tcl
index 4db7890..a4cf23e 100644
--- a/library/msgcat/msgcat.tcl
+++ b/library/msgcat/msgcat.tcl
@@ -10,7 +10,7 @@
 # See the file "license.terms" for information on usage and redistribution
 # of this file, and for a DISCLAIMER OF ALL WARRANTIES.
 #
-# RCS: @(#) $Id: msgcat.tcl,v 1.21 2004/03/31 18:51:33 dgp Exp $
+# RCS: @(#) $Id: msgcat.tcl,v 1.22 2004/08/13 21:39:24 dgp Exp $
 package require Tcl 8.5
 # When the version number changes, be sure to update the pkgIndex.tcl file,
@@ -229,7 +229,12 @@ proc msgcat::mclocale {args} {
 }
 if {$len == 1} {
- set Locale [string tolower [lindex $args 0]]
+ set newLocale [lindex $args 0]
+ if {$newLocale ne [file tail $newLocale]} {
+ return -code error "invalid newLocale value \"$newLocale\":\
+ could be path to unsafe code."
+ }
+ set Locale [string tolower $newLocale]
 set Loclist {}
 set word ""
 foreach part [split $Locale _] { |
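Review bot: The guard added in the `$len == 1` branch of msgcat::mclocale validates the locale only at the point where it is registered, and it leans on `file tail`, whose notion of a path separator follows the platform's filesystem rules; the hunk does not show whether [mcload], which later turns the locale parts into file names, re-checks what it joins. A comment above the check would record the intent for the next maintainer, e.g. `# Accept only a single path component: mcload later builds file names from the parts of this value.` If locale names are meant to be drawn from a fixed character set, an explicit pattern match on `$newLocale` would make the accepted syntax independent of filesystem semantics, though that may be narrower than what existing callers pass and should be confirmed first. It is also worth confirming that callers passing environment-derived values handle the new error return. The body of msgcat::mclocale starts and ends outside the hunk.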