Weird fallback mechanism for input data in python scripts
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Inkscape |
Fix Released
|
Medium
|
Alex Valavanis |
Bug Description
I reported this on the dev mailing list ages ago but didn't get a reply. It's a possible security issue, so please could someone check before the 0.91 release?
I found some unexpected behaviour with inkex-based extensions if a
non-existent SVG filename is specified.
To reproduce:
cd share/extensions
./gimp_xcf.py non-existent-
Expected behaviour:
* Script exits with an error message "Unable to open non-existent-
Actual behaviour:
* Script silently falls back to reading from standard input, and
appears to freeze.
This appears to be caused by the fallback mechanism for obtaining data
streams in the Effect.parse() function in inkex.py. At the moment, it
does this:
1. Try to read file specified as a function argument e.g.,
my_effect.
2. If that file can't be opened, try to read the file specified in self.svg_file
3. If that file can't be opened, read from stdin
This could lead to some weirdness e.g.,
e = ProcessImportan
# Specify the wrong file name somewhere
e.svg_file = "wrong-
# Later, try to read from the correct file, but with a typo
e.parse(
# When we apply the effect, the
"correct-
script will silently fall back to using the wrong data file.
e.effect()
I have attached a patch that changes the behaviour so that the same
order of precedence is maintained, but the script will fail if the
specified file cannot be opened. I'm not the best Python programmer,
and I don't know the precise intended behaviour of the extensions
system, so please could someone review/comment?
Related branches
Changed in inkscape: | |
status: | Fix Committed → Fix Released |
I've applied the patch and fixed a couple of errors. One is that an except should specify the Exception class and the other is that file is an internal name so moved that to filename.
see r12925, and please set the assignee to Alex please.