Revision: 27190
http://projects.blender.org/plugins/scmsvn/viewcvs.php?view=rev&root=bf-blender&revision=27190
Author: campbellbarton
Date: 2010-02-28 18:11:42 +0100 (Sun, 28 Feb 2010)
Log Message:
-----------
remove so-called security patch,
this has been used by various projects but needs to be justified since it wont
remove paths that also resolve to the CWD, "." for instance.
Modified Paths:
--------------
trunk/blender/release/scripts/modules/bpy/__init__.py
Modified: trunk/blender/release/scripts/modules/bpy/__init__.py
===================================================================
--- trunk/blender/release/scripts/modules/bpy/__init__.py 2010-02-28
15:44:18 UTC (rev 27189)
+++ trunk/blender/release/scripts/modules/bpy/__init__.py 2010-02-28
17:11:42 UTC (rev 27190)
@@ -38,8 +38,10 @@
def _main():
- # security issue, dont allow the $CWD in the path.
- _sys.path[:] = filter(None, _sys.path)
+ ## security issue, dont allow the $CWD in the path.
+ ## note: this removes "" but not "." which are the same, security
+ ## people need to explain how this is even a fix.
+ # _sys.path[:] = filter(None, _sys.path)
# a bit nasty but this prevents help() and input() from locking blender
# Ideally we could have some way for the console to replace sys.stdin but
_______________________________________________
Bf-blender-cvs mailing list
[email protected]
http://lists.blender.org/mailman/listinfo/bf-blender-cvs
