diff options
author | W. Trevor King <wking@drexel.edu> | 2009-11-21 15:18:02 -0500 |
---|---|---|
committer | W. Trevor King <wking@drexel.edu> | 2009-11-21 15:18:02 -0500 |
commit | 614d4e40e148520ac511cbe0606bcbdcf24c8a08 (patch) | |
tree | 84742af3feb5cb65b4bba6ce9a5d9854060f569b /becommands/commit.py | |
parent | bb8dd5066f730f9bb0ac0398bf9a167e9736a808 (diff) | |
download | bugseverywhere-614d4e40e148520ac511cbe0606bcbdcf24c8a08.tar.gz |
Added restrict_file_access to becommands' execute() args.
+ associated adjustments in other files.
See cmdutil.restrict_file_access.__doc__ for an explanation of the
security hole this closes.
Diffstat (limited to 'becommands/commit.py')
-rw-r--r-- | becommands/commit.py | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/becommands/commit.py b/becommands/commit.py index b530fdc..39d1e2e 100644 --- a/becommands/commit.py +++ b/becommands/commit.py @@ -18,7 +18,7 @@ from libbe import cmdutil, bugdir, editor, vcs import sys __desc__ = __doc__ -def execute(args, manipulate_encodings=True): +def execute(args, manipulate_encodings=True, restrict_file_access=False): """ >>> import os >>> from libbe import bug @@ -49,6 +49,8 @@ def execute(args, manipulate_encodings=True): elif options.body == "EDITOR": body = editor.editor_string("Please enter your commit message above") else: + if restrict_file_access == True: + cmdutil.restrict_file_access(bd, options.body) body = bd.vcs.get_file_contents(options.body, allow_no_vcs=True) try: revision = bd.vcs.commit(summary, body=body, |