diff options
| author |  Shawn O. Pearce <spearce@spearce.org> | 2007-09-08 23:47:00 -0400 |
|---|---|---|
| committer | Shawn O. Pearce <spearce@spearce.org> | 2007-09-08 23:47:10 -0400 |
| commit | cff93397ab185898fd93b6a260cc6f3068c4ac30 (patch) | |
| tree | 90771c571bc950d86ec3edc1988b0434bc77df69 | |
| parent | git-gui: lib/index.tcl: handle files with % in the filename properly (diff) | |
| download | tgif-cff93397ab185898fd93b6a260cc6f3068c4ac30.tar.xz | |
git-gui: Disable Tk send in all git-gui sessions
The Tk designers blessed us with the "send" command, which on X11
will allow anyone who can connect to your X server to evaluate any
Tcl code they desire within any running Tk process. This is just
plain nuts. If git-gui wants someone running Tcl code within it
then would ask someone to supply that Tcl code to it; waiting for
someone to drop any random Tcl code into us is not fantastic idea.
By renaming send to the empty name the procedure will be removed
from the global namespace and Tk will stop responding to random Tcl
evaluation requests sent through the X server. Since there is no
facility to filter these requests it is unlikely that we will ever
consider enabling this command.
Signed-off-by: Shawn O. Pearce <spearce@spearce.org>
| -rwxr-xr-x | git-gui.sh | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/git-gui.sh b/git-gui.sh index 44977aa212..6d676097a6 100755 --- a/git-gui.sh +++ b/git-gui.sh @@ -42,6 +42,8 @@ if {[catch {package require Tcl 8.4} err] exit 1 } +rename send {} ; # What an evil concept... + ###################################################################### ## ## enable verbose loading? |