Added restrict_file_access to becommands' execute() args.

+ associated adjustments in other files.

See cmdutil.restrict_file_access.__doc__ for an explanation of the
security hole this closes.

1 files changed, 9 insertions, 1 deletions

diff --git a/README.dev b/README.dev
index ddc3a88..fb4f471 100644
--- a/README.dev
+++ b/README.dev
@@ -10,11 +10,19 @@ To fit into the current framework, your extension module should
 provide the following elements:
   __desc__
     A short string describing the purpose of your plugin
-  execute(args)
+  execute(args, manipulate_encodings=True, restrict_file_access=False)
     The entry function for your plugin.  args is everything from
     sys.argv after the name of your plugin (e.g. for the command
     `be open abc', args=['abc']).
 
+    manipulate_encodings should be passed through to any calls to
+    bugdir.BugDir().  See the BugDir documentation for details.
+    
+    If restrict_file_access==True, you should call
+      cmdutil.restrict_file_access(bugdir, path)
+    before attempting to read or write a file.  See the
+    restrict_file_access documentation for details.
+
     Note: be supports command-completion.  To avoid raising errors you
     need to deal with possible '--complete' options and arguments.
     See the 'Command completion' section below for more information.