Jim_GetWideExpr() now evaluates "safe" expressions

This means that $variable references and [commands] are not expanded. This should mitigate security concerns when using the 'integer expression' feature. It means that you must do: string repeat a $i*4 Not: string repeat a {$i*4} Signed-off-by: Steve Bennett <steveb@workware.net.au>
author: Steve Bennett <steveb@workware.net.au> 2020-12-20 07:58:30 +1000
committer: Steve Bennett <steveb@workware.net.au> 2020-12-26 18:08:29 +1000
commit: 3627155c4a047bc491d45406b22a9038402ae964 (patch)
tree: 7f0337e433cdec49841d218dce420f4f274622b8 /jim.h
parent: ea1b12824f360ca2f3b4838e1d88605b9b1c1a6d (diff)
download: jimtcl-3627155c4a047bc491d45406b22a9038402ae964.zip
jimtcl-3627155c4a047bc491d45406b22a9038402ae964.tar.gz
jimtcl-3627155c4a047bc491d45406b22a9038402ae964.tar.bz2
1 files changed, 1 insertions, 0 deletions
diff --git a/jim.h b/jim.h
index 8bc90ab..79bfc0c 100644
--- a/jim.h
+++ b/jim.h
@@ -547,6 +547,7 @@ typedef struct Jim_Interp {
                 structure. */
     int local; /* If 'local' is in effect, newly defined procs keep a reference to the old defn */
     int quitting; /* Set to 1 during Jim_FreeInterp() */
+    int safeexpr; /* Set when evaluating a "safe" expression, no var subst or command eval */
     Jim_Obj *liveList; /* Linked list of all the live objects. */
     Jim_Obj *freeList; /* Linked list of all the unused objects. */
     Jim_Obj *currentScriptObj; /* Script currently in execution. */
author	Steve Bennett <steveb@workware.net.au>	2020-12-20 07:58:30 +1000
committer	Steve Bennett <steveb@workware.net.au>	2020-12-26 18:08:29 +1000
commit	3627155c4a047bc491d45406b22a9038402ae964 (patch)
tree	7f0337e433cdec49841d218dce420f4f274622b8 /jim.h
parent	ea1b12824f360ca2f3b4838e1d88605b9b1c1a6d (diff)
download	jimtcl-3627155c4a047bc491d45406b22a9038402ae964.zip jimtcl-3627155c4a047bc491d45406b22a9038402ae964.tar.gz jimtcl-3627155c4a047bc491d45406b22a9038402ae964.tar.bz2