Added restrict_file_access to becommands' execute() args.

+ associated adjustments in other files. See cmdutil.restrict_file_access.__doc__ for an explanation of the security hole this closes.
author: W. Trevor King <wking@drexel.edu> 2009-11-21 15:18:02 -0500
committer: W. Trevor King <wking@drexel.edu> 2009-11-21 15:18:02 -0500
commit: 614d4e40e148520ac511cbe0606bcbdcf24c8a08 (patch)
tree: 84742af3feb5cb65b4bba6ce9a5d9854060f569b /becommands/commit.py
parent: bb8dd5066f730f9bb0ac0398bf9a167e9736a808 (diff)
download: bugseverywhere-614d4e40e148520ac511cbe0606bcbdcf24c8a08.tar.gz
1 files changed, 3 insertions, 1 deletions
diff --git a/becommands/commit.py b/becommands/commit.py
index b530fdc..39d1e2e 100644
--- a/becommands/commit.py
+++ b/becommands/commit.py
@@ -18,7 +18,7 @@ from libbe import cmdutil, bugdir, editor, vcs
 import sys
 __desc__ = __doc__
 
-def execute(args, manipulate_encodings=True):
+def execute(args, manipulate_encodings=True, restrict_file_access=False):
     """
     >>> import os
     >>> from libbe import bug
@@ -49,6 +49,8 @@ def execute(args, manipulate_encodings=True):
     elif options.body == "EDITOR":
         body = editor.editor_string("Please enter your commit message above")
     else:
+        if restrict_file_access == True:
+            cmdutil.restrict_file_access(bd, options.body)
         body = bd.vcs.get_file_contents(options.body, allow_no_vcs=True)
     try:
         revision = bd.vcs.commit(summary, body=body,
author	W. Trevor King <wking@drexel.edu>	2009-11-21 15:18:02 -0500
committer	W. Trevor King <wking@drexel.edu>	2009-11-21 15:18:02 -0500
commit	614d4e40e148520ac511cbe0606bcbdcf24c8a08 (patch)
tree	84742af3feb5cb65b4bba6ce9a5d9854060f569b /becommands/commit.py
parent	bb8dd5066f730f9bb0ac0398bf9a167e9736a808 (diff)
download	bugseverywhere-614d4e40e148520ac511cbe0606bcbdcf24c8a08.tar.gz