diff options
author | dgp <dgp@users.sourceforge.net> | 2004-08-13 21:45:03 (GMT) |
---|---|---|
committer | dgp <dgp@users.sourceforge.net> | 2004-08-13 21:45:03 (GMT) |
commit | fcdb3fb3304b33b2a76e2e47d92cdd5c2ca4c145 (patch) | |
tree | 011db527152f67bf2b14302005e96f9c961038c1 /library | |
parent | 8b645aed8f5bf864e5e9244d9784a7536a932c02 (diff) | |
download | tcl-fcdb3fb3304b33b2a76e2e47d92cdd5c2ca4c145.zip tcl-fcdb3fb3304b33b2a76e2e47d92cdd5c2ca4c145.tar.gz tcl-fcdb3fb3304b33b2a76e2e47d92cdd5c2ca4c145.tar.bz2 |
* library/msgcat/msgcat.tcl: Added checks to prevent [mclocale]
* tests/msgcat.test: from registering filesystem paths to possibly
malicious code to be evaluated by a later [mcload].
* library/msgcat/pkgIndex.tcl: Bump to msgcat 1.3.3
Diffstat (limited to 'library')
-rw-r--r-- | library/msgcat/msgcat.tcl | 11 | ||||
-rw-r--r-- | library/msgcat/pkgIndex.tcl | 2 |
2 files changed, 9 insertions, 4 deletions
diff --git a/library/msgcat/msgcat.tcl b/library/msgcat/msgcat.tcl index 044dcbb..217a618 100644 --- a/library/msgcat/msgcat.tcl +++ b/library/msgcat/msgcat.tcl @@ -10,12 +10,12 @@ # See the file "license.terms" for information on usage and redistribution # of this file, and for a DISCLAIMER OF ALL WARRANTIES. # -# RCS: @(#) $Id: msgcat.tcl,v 1.17.2.3 2004/03/31 18:51:01 dgp Exp $ +# RCS: @(#) $Id: msgcat.tcl,v 1.17.2.4 2004/08/13 21:45:16 dgp Exp $ package require Tcl 8.2 # When the version number changes, be sure to update the pkgIndex.tcl file, # and the installation directory in the Makefiles. -package provide msgcat 1.3.2 +package provide msgcat 1.3.3 namespace eval msgcat { namespace export mc mcload mclocale mcmax mcmset mcpreferences mcset \ @@ -227,7 +227,12 @@ proc msgcat::mclocale {args} { } if {$len == 1} { - set Locale [string tolower [lindex $args 0]] + set newLocale [lindex $args 0] + if {$newLocale ne [file tail $newLocale]} { + return -code error "invalid newLocale value \"$newLocale\":\ + could be path to unsafe code." + } + set Locale [string tolower $newLocale] set Loclist {} set word "" foreach part [split $Locale _] { diff --git a/library/msgcat/pkgIndex.tcl b/library/msgcat/pkgIndex.tcl index a048de1..91a93ad 100644 --- a/library/msgcat/pkgIndex.tcl +++ b/library/msgcat/pkgIndex.tcl @@ -1,2 +1,2 @@ if {![package vsatisfies [package provide Tcl] 8.2]} {return} -package ifneeded msgcat 1.3.2 [list source [file join $dir msgcat.tcl]] +package ifneeded msgcat 1.3.3 [list source [file join $dir msgcat.tcl]] |