Mercurial > emacs
changeset 111580:bd93bfc2fc83
* lisp/progmodes/python.el (run-python): Explain why we remove the current
directory from sys.path. Suggested by Eric Hanchrow <erich@cozi.com>.
author | Stefan Monnier <monnier@iro.umontreal.ca> |
---|---|
date | Wed, 17 Nov 2010 10:00:16 -0500 |
parents | 4433803ef920 |
children | facc4bc3e1e4 |
files | lisp/ChangeLog lisp/progmodes/python.el |
diffstat | 2 files changed, 8 insertions(+), 0 deletions(-) [+] |
line wrap: on
line diff
--- a/lisp/ChangeLog Wed Nov 17 09:54:15 2010 -0500 +++ b/lisp/ChangeLog Wed Nov 17 10:00:16 2010 -0500 @@ -1,5 +1,8 @@ 2010-11-17 Stefan Monnier <monnier@iro.umontreal.ca> + * progmodes/python.el (run-python): Explain why we remove the current + directory from sys.path. Suggested by Eric Hanchrow <erich@cozi.com>. + * progmodes/grep.el (grep-regexp-alist): Tighten the regexp (bug#7378). 2010-11-16 Stefan Monnier <monnier@iro.umontreal.ca>
--- a/lisp/progmodes/python.el Wed Nov 17 09:54:15 2010 -0500 +++ b/lisp/progmodes/python.el Wed Nov 17 10:00:16 2010 -0500 @@ -1586,6 +1586,11 @@ (with-current-buffer (let* ((cmdlist (append (python-args-to-list cmd) + ;; It's easy for the user to cause the process to be + ;; started without realizing it (e.g. to perform + ;; completion); for this reason loading files from the + ;; current directory is a security risk. See + ;; http://article.gmane.org/gmane.emacs.devel/103569 '("-i" "-c" "import sys; sys.path.remove('')"))) (path (getenv "PYTHONPATH")) (process-environment ; to import emacs.py