Menu
▾
▴
[WWcvs] webwork2: Major bug fix for ProblemSetDetail (but 1725) Enforces all files assigned in ProblemSetDetail module to be
|
From: Mike G. v. a. <we...@ma...> - 2009-12-17 04:20:56
|
Log Message:
-----------
Major bug fix for ProblemSetDetail (but 1725)
Enforces all files assigned in ProblemSetDetail module to be accessible
through the course temp directory.
Fix is one line change near, line 1576
Tags:
----
rel-2-4-patches
Modified Files:
--------------
webwork2/lib/WeBWorK/ContentGenerator/Instructor:
ProblemSetDetail.pm
Revision Data
-------------
Index: ProblemSetDetail.pm
===================================================================
RCS file: /webwork/cvs/system/webwork2/lib/WeBWorK/ContentGenerator/Instructor/ProblemSetDetail.pm,v
retrieving revision 1.64.2.4.2.1
retrieving revision 1.64.2.4.2.2
diff -Llib/WeBWorK/ContentGenerator/Instructor/ProblemSetDetail.pm -Llib/WeBWorK/ContentGenerator/Instructor/ProblemSetDetail.pm -u -r1.64.2.4.2.1 -r1.64.2.4.2.2
--- lib/WeBWorK/ContentGenerator/Instructor/ProblemSetDetail.pm
+++ lib/WeBWorK/ContentGenerator/Instructor/ProblemSetDetail.pm
@@ -1563,7 +1563,8 @@
return "No source file specified" unless $file;
return "Problem source is drawn from a grouping set" if $file =~ /^group/;
- $file = $ce->{courseDirs}->{templates} . '/' . $file unless $file =~ m|^/|;
+# $file = $ce->{courseDirs}->{templates} . '/' . $file unless $file =~ m|^/|; # bug: 1725 allows access to all files e.g. /etc/passwd
+ $file = $ce->{courseDirs}->{templates} . '/' . $file ; # only files in template directory can be accessed
my $text = "This source file ";
my $fileError;
|
