diff options
author | Hans Hagen <pragma@wxs.nl> | 2018-03-15 16:04:31 +0100 |
---|---|---|
committer | Context Git Mirror Bot <phg42.2a@gmail.com> | 2018-03-15 16:04:31 +0100 |
commit | a4e07f30e880ab27c2918f81f136e257475b7729 (patch) | |
tree | 02db002d3001a49777a049f9a98fdc872a5e1ad1 /tex/context/base/mkiv/util-sbx.lua | |
parent | cbc37c39432e0ebe38e0922fc6d14c2955ab3ba2 (diff) | |
download | context-a4e07f30e880ab27c2918f81f136e257475b7729.tar.gz |
2018-03-15 15:36:00
Diffstat (limited to 'tex/context/base/mkiv/util-sbx.lua')
-rw-r--r-- | tex/context/base/mkiv/util-sbx.lua | 17 |
1 files changed, 9 insertions, 8 deletions
diff --git a/tex/context/base/mkiv/util-sbx.lua b/tex/context/base/mkiv/util-sbx.lua index 66a650875..57c576870 100644 --- a/tex/context/base/mkiv/util-sbx.lua +++ b/tex/context/base/mkiv/util-sbx.lua @@ -28,6 +28,7 @@ local concat = string.concat local unquoted = string.unquoted local optionalquoted = string.optionalquoted local basename = file.basename +local nameonly = file.nameonly local sandbox = sandbox local validroots = { } @@ -122,9 +123,9 @@ local function registerlibrary(name) return end if validlibraries == true then - validlibraries = { [name] = true } + validlibraries = { [nameonly(name)] = true } else - validlibraries[name] = true + validlibraries[nameonly(name)] = true end elseif name == true then validlibraries = { } @@ -461,7 +462,7 @@ function sandbox.getrunner(name) end local function suspicious(str) - return (find(str,"[/\\]") or find(command,"%.%.")) and true or false + return (find(str,"[/\\]") or find(command,"..",1,true)) and true or false end local function binaryrunner(action,command,...) @@ -562,9 +563,9 @@ if FFISUPPORTED and ffi then end end - local load = ffi.load + local fiiload = ffi.load - if load then + if fiiload then local reported = { } @@ -573,10 +574,10 @@ if FFISUPPORTED and ffi then -- all blocked elseif validlibraries == true then -- all permitted - return load(name,...) - elseif validlibraries[name] then + return fiiload(name,...) + elseif validlibraries[nameonly(name)] then -- 'name' permitted - return load(name,...) + return fiiload(name,...) else -- 'name' not permitted end |