author | Steve Bennett <steveb@workware.net.au> | 2020-12-20 07:58:30 +1000 |
---|---|---|
committer | Steve Bennett <steveb@workware.net.au> | 2020-12-26 18:08:29 +1000 |
commit | 3627155c4a047bc491d45406b22a9038402ae964 (patch) | |
tree | 7f0337e433cdec49841d218dce420f4f274622b8 /jim.h | |
parent | ea1b12824f360ca2f3b4838e1d88605b9b1c1a6d (diff) | |

Jim_GetWideExpr() now evaluates "safe" expressions

This means that $variable references and [commands] are not expanded.
This should mitigate security concerns when using the 'integer expression' feature.

It means that you must do:

    string repeat a $i*4

Not:

    string repeat a {$i*4}

Signed-off-by: Steve Bennett <steveb@workware.net.au>

Diffstat (limited to 'jim.h')
-rw-r--r-- | jim.h | 1 |
1 files changed, 1 insertions, 0 deletions
@@ -547,6 +547,7 @@ typedef struct Jim_Interp { structure. */ int local; /* If 'local' is in effect, newly defined procs keep a reference to the old defn */ int quitting; /* Set to 1 during Jim_FreeInterp() */ + int safeexpr; /* Set when evaluating a "safe" expression, no var subst or command eval */ Jim_Obj *liveList; /* Linked list of all the live objects. */ Jim_Obj *freeList; /* Linked list of all the unused objects. */ Jim_Obj *currentScriptObj; /* Script currently in execution. */ |
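
Review bot: the comment on the added `int safeexpr;` field in Jim_Interp says only that it is "Set when evaluating a "safe" expression", and does not say who clears it or how it behaves when evaluations nest. Because this is interpreter-wide state that gates variable substitution and command evaluation, the comment should state that the evaluator saves the previous value and restores it on every exit path, including errors: a flag left set would keep substitution disabled for later ordinary expressions, and a flag cleared by a nested evaluation would re-enable it inside the safe expression. The field is also inserted between `quitting` and `liveList` in jim.h, so the offsets of the following members change for any extension built against the older header; appending it at the end of the struct, or noting that a rebuild is required, would avoid that.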