Hi all, A quick question. I've justed added a handler to Click's Script element, accessible at userlevel, called "cat". This handler reads a file and returns its contents. For example:
Script(set x $(cat /tmp/f)) sets the script's "$x" variable to the contents of /tmp/f. This is pretty useful, but also potentially dangerous, since anyone who can call the Script's "cat" handler can read any file accessible to the click program. I am wondering if anyone finds this dangerous -- for example if someone is running ControlSocket. One possibility would be to make "cat" accessible within the config, and not from ControlSocket. Eddie _______________________________________________ click mailing list [email protected] https://amsterdam.lcs.mit.edu/mailman/listinfo/click
