[Owncloud] OC_Installer blacklist

Frank Karlitschek frank at owncloud.org
Fri May 18 16:25:14 UTC 2012


On 18.05.2012, at 18:09, Thomas Tanghus <thomas at tanghus.net> wrote:

> I just had a look at OC_Installer and came to wonder about the blacklist in OC_Installer::checkCode [1].
> Won't that limit 3rd party developers from using e.g. OC_FilesystemView [2] and OC_Filesystem [3] ?

good point. I removed the "fopen(" pattern for now. We have to find a way to make this more clever in the future.


> 
> And btw shouldn't 'exec(' be in the list too?

There is a lot missing. :-)
The idea is to extend this with more patterns that we donĀ“t like over time.


Frank







More information about the Owncloud mailing list