[Bf-committers] Blender 2.42 Web Browser Plugin
Erwin Coumans
erwin at erwincoumans.com
Sat Jul 8 18:54:33 CEST 2006
Hi Stephen Swaney,
Did you just 'speculate' there is no sandbox, or did you verify that? Did I
miss something?
I had to add code to enable the new PhysicsConstraints module, because it
didn't import, due to that sandbox.
Only GameLogic,GameKeys,PhysicsConstraints,Rasterizer can be imported:
See BlenderPlayerCtl.cpp:
http://projects.blender.org/viewcvs/viewcvs.cgi/blender/source/gameengine/GamePlayer/ActiveX/BlenderPlayerCtl.cpp.diff?r1=1.8&r2=1.9&cvsroot=bf-blender
PyObject* m_dictionaryobject = initGamePlayerPythonScripting("Ketsji",
psl_Highest);
This calls:
PyObject* initGamePlayerPythonScripting(const STR_String& progname,
TPythonSecurityLevel level)
{
....
setSandbox(level); (which is psl_Highest)
}
void setSandbox(TPythonSecurityLevel level)
{
PyObject *m = PyImport_AddModule("__builtin__");
PyObject *d = PyModule_GetDict(m);
PyObject *meth = PyCFunction_New(meth_open, NULL);
switch (level) {
case psl_Highest:
PyDict_SetItemString(d, "open", meth); (which disallows opening risky
modules)
meth = PyCFunction_New(meth_import, NULL);
PyDict_SetItemString(d, "__import__", meth);
break;
}
which
PyObject *KXpy_import(PyObject *self, PyObject *args)
{
char *name;
PyObject *globals = NULL;
PyObject *locals = NULL;
PyObject *fromlist = NULL;
PyObject *l, *m, *n;
if (!PyArg_ParseTuple(args, "s|OOO:m_import",
&name, &globals, &locals, &fromlist))
return NULL;
/* check for builtin modules */
m = PyImport_AddModule("sys");
l = PyObject_GetAttrString(m, "builtin_module_names");
n = PyString_FromString(name);
if (PySequence_Contains(l, n)) {
return PyImport_ImportModuleEx(name, globals, locals, fromlist);
}
/* quick hack for GamePython modules
TODO: register builtin modules properly by ExtendInittab */
if (!strcmp(name, "GameLogic") || !strcmp(name, "GameKeys") ||
!strcmp(name, "PhysicsConstraints") ||
!strcmp(name, "Rasterizer")) {
return PyImport_ImportModuleEx(name, globals, locals, fromlist);
}
PyErr_Format(PyExc_ImportError,
"Import of external Module %.20s not allowed.", name);
return NULL;
}
Thanks,
Erwin
----- Original Message -----
From: "Stephen Swaney" <sswaney at centurytel.net>
To: "bf-blender developers" <bf-committers at projects.blender.org>
Sent: Friday, July 07, 2006 8:36 AM
Subject: Re: [Bf-committers] Blender 2.42 Web Browser Plugin
> On Thu, Jul 06, 2006 at 05:51:14PM -0400, erwin at erwincoumans.com wrote:
>
>> The first steps to a working Blender 2.42 Web Browser Plugin are done.
>>
>> http://www.continuousphysics.com/Bullet/phpBB2/viewtopic.php?t=406
>>
>> This is Windows, ActiveX. It is reported to work under Internet Explorer,
>> and Firefox (using 'render as Internet Explorer 'ActiveX').
>
>
> Please correct me if I am missing something here, but without some sort
> of sandboxing mechanism we are are creating a huge security hole.
>
> Releasing something like this does not seem like a good idea.
>
>
> (note: sorry it this is a dup. it was sent last night while
> the servers were wonky)
> --
> Stephen Swaney
> sswaney at centurytel.net
>
> _______________________________________________
> Bf-committers mailing list
> Bf-committers at projects.blender.org
> http://projects.blender.org/mailman/listinfo/bf-committers
>
More information about the Bf-committers
mailing list