PR #3264 is ready for review and testing

20 views
Skip to first unread message

Edward K. Ream

unread,
Apr 8, 2023, 9:23:55 PM4/8/23
to leo-editor
PR #3264 fixes a security blunder by eliminating support for path expressions of the form:

  {{python statements}}

As compensation, the PR supports Python's standard syntax defined by os.path.expanduser and os.path.expandvars.

Those who now use path expressions must replace them with the standard syntax. A global search/replace should suffice.

This PR will be the highlight of Leo 6.7.3, scheduled for a few days from now.  Please test this PR and report any problems.

Edward

Edward K. Ream

unread,
Apr 9, 2023, 8:01:35 AM4/9/23
to leo-editor
On Saturday, April 8, 2023 at 8:23:55 PM UTC-5 Edward K. Ream wrote:

> PR #3264 fixes a security blunder...by eliminating support for path expressions.

> Those who now use path expressions must replace them with the standard syntax. A global search/replace should suffice.

This PR has been merged into devel. Please continue to test devel and report any problems.

I plan to release 6.7.3 this Tuesday, April 11. Imo it's urgent that leoInteg require 6.7.3 asap.

Edward
Reply all
Reply to author
Forward
0 new messages