From: Florian W. <fw...@de...> - 2004-11-29 17:18:21
* Crawford Currie:

> OK, I used the more "modern" version of the Search filter. I put in a BEGIN
> block in Sandbox.pm to detect 5.008 and POSIX. If either isn't there it
> falls back on the old, unsafe, way of doing things. The one question
> in my mind is what additional command-line filtration is required in this
> case.

Applying the standard TWiki security filters to all parameters and
enclosing them with the $cmdQuote characters should be enough (and
mostly equivalent to the old code).

> Note that I'm working in the DEVELOP branch; it is non-trivial to
> merge back to MAIN from there, due to the length of time the branch
> has been alive (months). I would like to think it is the codebase
> for the next release, but that is not under my control.

The idea is to put the new functions into TWiki::Sandbox, too. If the
branch doesn't close anytime soon, this might make it a little bit
easier to merge back and forth.

> On Monday 29 November 2004 11:57, Florian Weimer wrote:
>> Windows/non-POSIX support is harder. I really don't know what Perl's
>> backtick operator does on Windows. Does it invoke CMD.EXE? The...
>> I wouldn't be too surprised if different Perl implementations
>> (e.g. ActiveState and Cygwin) used different constructs on Windows.
>
> Backtick invokes Cygwin 'sh' in that environment, so it should
> be treatable as a UNIX platform.

Should. It's more interesting what happens if your RCS.EXE is a native
Windows program (and not a Cygwin executable).
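The two code paths discussed above (a no-shell exec path guarded by a BEGIN-time check for Perl 5.8 plus POSIX, and a quoted-parameter fallback for older Perls), written out as an added example. This is not code from TWiki's Sandbox.pm or from either poster; the names runCommand, filterParam and the fixed single-quote $cmdQuote are placeholders, the allow-list in filterParam is an assumption rather than TWiki's real security filter, and /bin/echo is only used so the demonstration runs on an ordinary Unix host.

```perl
#!/usr/bin/perl
# Added example; not TWiki's own Sandbox.pm. Names (runCommand, filterParam,
# $cmdQuote) are placeholders standing in for TWiki::Sandbox's real ones.
use strict;
use warnings;

# Quote character used only on the fallback (shell) path. TWiki's real
# $cmdQuote is a configuration setting; here it is a fixed assumption.
my $cmdQuote = "'";

# Detected at compile time, as in the BEGIN block described in the thread:
# the no-shell path needs Perl 5.8 (list-form exec/open) and POSIX.
my $NO_SHELL;
BEGIN {
    $NO_SHELL = ( $] >= 5.008 ) && eval { require POSIX; 1 };
}

# Hypothetical parameter filter: an allow-list of characters that are
# harmless both to a shell and to the programs we call. Anything else is
# rejected outright rather than stripped, so a hostile value never reaches
# the command line in any form. The captured match also untaints $p.
sub filterParam {
    my ($p) = @_;
    return $1 if $p =~ m{^([\w./,-]+)$};
    die "runCommand: rejected unsafe parameter '$p'\n";
}

# Run $program with @args; return (captured output, exit status).
sub runCommand {
    my ( $program, @args ) = @_;
    @args = map { filterParam($_) } @args;

    if ($NO_SHELL) {
        # Fork with the child's STDOUT piped to $fh, then exec the program
        # directly. The indirect-object form exec {PROG} LIST never invokes
        # a shell, so no quoting is needed; the filter above still limits
        # what the called program itself sees.
        my $pid = open( my $fh, '-|' );
        die "runCommand: fork failed: $!\n" unless defined $pid;
        if ( $pid == 0 ) {
            # Only falls through if exec failed; leave without END blocks.
            exec { $program } ( $program, @args ) or POSIX::_exit(127);
        }
        my $out = do { local $/; <$fh> };
        close $fh;    # waits for the child and sets $?
        return ( $out, $? >> 8 );
    }

    # Fallback for older Perls: the shell will parse this string, so every
    # argument is wrapped in $cmdQuote. This is only safe because
    # filterParam already excluded $cmdQuote and shell metacharacters.
    my $cmd = join ' ', $program, map { $cmdQuote . $_ . $cmdQuote } @args;
    my $out = `$cmd`;
    return ( $out, $? >> 8 );
}

# Demonstration with a constructed command line (/bin/echo assumed present).
my ( $out, $rc ) = runCommand( '/bin/echo', 'Sandbox.WebHome', '1.3' );
print "no-shell path: ", ( $NO_SHELL ? 'yes' : 'no' ), "\n";
print "exit=$rc output=$out";

# A shell-metacharacter payload is refused before either path is taken.
eval { runCommand( '/bin/echo', 'x; rm -rf /' ) };
print "rejected: $@" if $@;
```

The fallback path relies on the filter and the quoting agreeing: the allow-list must exclude $cmdQuote itself and every shell metacharacter, otherwise wrapping in quotes is not a barrier. Two caveats for the Windows question raised in the thread: the `open(..., '-|')` fork form is not available on native Win32 Perl, and even a list-form exec there is re-joined into a single command-line string for CreateProcess, so a native RCS.EXE (rather than a Cygwin one) reparses that string with its own C-runtime rules and the quoting question returns.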