[Bf-blender-cvs] SVN commit: /data/svn/bf-blender [27190] trunk/blender/release/scripts/ modules/bpy/__init__.py: remove so-called security patch,
Campbell Barton
ideasman42 at gmail.com
Sun Feb 28 18:11:42 CET 2010
Revision: 27190
http://projects.blender.org/plugins/scmsvn/viewcvs.php?view=rev&root=bf-blender&revision=27190
Author: campbellbarton
Date: 2010-02-28 18:11:42 +0100 (Sun, 28 Feb 2010)
Log Message:
-----------
remove so-called security patch,
this has been used by various projects but needs to be justified since it wont remove paths that also resolve to the CWD, "." for instance.
Modified Paths:
--------------
trunk/blender/release/scripts/modules/bpy/__init__.py
Modified: trunk/blender/release/scripts/modules/bpy/__init__.py
===================================================================
--- trunk/blender/release/scripts/modules/bpy/__init__.py 2010-02-28 15:44:18 UTC (rev 27189)
+++ trunk/blender/release/scripts/modules/bpy/__init__.py 2010-02-28 17:11:42 UTC (rev 27190)
@@ -38,8 +38,10 @@
def _main():
- # security issue, dont allow the $CWD in the path.
- _sys.path[:] = filter(None, _sys.path)
+ ## security issue, dont allow the $CWD in the path.
+ ## note: this removes "" but not "." which are the same, security
+ ## people need to explain how this is even a fix.
+ # _sys.path[:] = filter(None, _sys.path)
# a bit nasty but this prevents help() and input() from locking blender
# Ideally we could have some way for the console to replace sys.stdin but
More information about the Bf-blender-cvs
mailing list