View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0003391 | Expressions | Bug | public | 2018-03-24 10:28 | 2021-02-06 06:30 |
Reporter | eivindkvedalen | Assigned To | realthunder | ||
Priority | normal | Severity | minor | Reproducibility | always |
Status | assigned | Resolution | open | ||
Product Version | 0.17 | ||||
Target Version | 0.20 | ||||
Summary | 0003391: Array and dictionary lookup does not work in expressions | ||||
Description | See discussion on https://forum.freecadweb.org/viewtopic.php?f=3&t=26876#p214826 | ||||
Tags | No tags attached. | ||||
FreeCAD Information | |||||
|
Is this a bug or a feature request? As discussed in this post, it sounds like there is a true security bug related to this, but I don't fully understand how to reproduce the issue that results in the security vulnerability. Can someone provide a step-by-step to reproduce the fix posted by triplus here, and describe how this leads to the security issue mentioned by elvind? |
|
@realthunder pardon, just wondering if your pending FreeCAD Pull Request 3062 addresses this ? |
|
Yes, the PR addressed this. And it shall have completion support for that. And no, there won't be any security concern as mentioned in the referenced post, because I have already modified Expression/ObjectIdentifier to not use the Python interpreter. |
|
@realthunder wow, that's awesome news! There are other expression/spreadsheet issues here on the tracker. I wonder, and I want to be mindful of your time, if we can go through them and see if your PR also addresses them ? Edit: If the PR does address and solve them, would it be possible to use the MantisBT wildcard triggers in the Git commit to remotely close said issues ? See https://www.freecadweb.org/wiki/Tracker#GitHub_and_MantisBT |
|
I'll go through them when I get time. But some of them may be fixed already in upstream. I can't modify the commit message there. Would it be enough for me to just refer to the relevant commit in the issue comment? |
|
Extended indexing support is added with this commit in upstream. |
|
This ticket has been migrated to GitHub as issue 5771. |
Date Modified | Username | Field | Change |
---|---|---|---|
2018-03-24 10:28 | eivindkvedalen | New Issue | |
2018-03-24 10:28 | eivindkvedalen | Status | new => assigned |
2018-03-24 10:28 | eivindkvedalen | Assigned To | => eivindkvedalen |
2019-12-03 04:29 | ezzieyguywuf | Note Added: 0013858 | |
2020-02-23 19:53 | Kunda1 | Note Added: 0014178 | |
2020-02-23 21:47 | realthunder | Note Added: 0014179 | |
2020-02-23 23:03 | Kunda1 | Note Added: 0014180 | |
2020-02-23 23:03 | Kunda1 | Assigned To | eivindkvedalen => realthunder |
2020-02-23 23:05 | Kunda1 | Note Edited: 0014180 | |
2020-02-24 01:53 | realthunder | Note Added: 0014182 | |
2020-02-27 05:56 | realthunder | Note Added: 0014187 | |
2021-02-06 06:30 | abdullah | Target Version | => 0.20 |