import_scripts eval order policy

2 views
Skip to first unread message

Carles F.

unread,
Mar 29, 2009, 8:01:32 PM3/29/09
to wikidpad-devel
Hi all,

I'm pretty new to WikidPad and I'm finding it to be a very powerful
tool to me. I'm using 1.9rc02 from ubuntu PPA.

When I started using it I felt natural to put some generic script
functions on a wiki page and use from other wiki pages using the
import_scripts property.

But I found that the scripts were executed first local then imports so
the functions only worked the second time I did the Eval.

I changed the WikiTxtCtrl.py to eval the other way around and now I
don't have to eval twice removing the exception after the first. I did
so by changing the line 1894 (in the evalScriptBlocks function):

from

for st in scriptTokens:

to

for st in reversed(scriptTokens):

My question is: is there any policy I am breaking by doing this? by
now it is working for me, but may be it is introducing a security
hole...

If it's not, I think it would be nice to have this by default,
allowing to use functions without creating external files and without
reloading wikidpad every time.

Thanks for this great work!!!!!

Carles

Michael Butscher

unread,
Apr 5, 2009, 3:21:41 AM4/5/09
to wikidpa...@googlegroups.com
Carles F. wrote:
> Hi all,
>
> I'm pretty new to WikidPad and I'm finding it to be a very powerful
> tool to me. I'm using 1.9rc02 from ubuntu PPA.
>
> When I started using it I felt natural to put some generic script
> functions on a wiki page and use from other wiki pages using the
> import_scripts property.
>
> But I found that the scripts were executed first local then imports so
> the functions only worked the second time I did the Eval.
>
> I changed the WikiTxtCtrl.py to eval the other way around and now I
> don't have to eval twice removing the exception after the first. I did
> so by changing the line 1894 (in the evalScriptBlocks function):
>
> from
>
> for st in scriptTokens:
>
> to
>
> for st in reversed(scriptTokens):
>
> My question is: is there any policy I am breaking by doing this? by
> now it is working for me, but may be it is introducing a security
> hole...

No. The decision which scripts are executed at all (depending on
security settings) is made before this line.


> If it's not, I think it would be nice to have this by default,
> allowing to use functions without creating external files and without
> reloading wikidpad every time.

I will make this an option in one of the next 2.0 versions, but 1.9 is
in release candidate state so I will not put in new features there.

Michael

Reply all
Reply to author
Forward
0 new messages