Warning: Can't synchronize with repository "(default)" (/home/git/ome.git does not appear to be a Git repository.). Look in the Trac log for more information.
Notice: In order to edit this ticket you need to be either: a Product Owner, The owner or the reporter of the ticket, or, in case of a Task not yet assigned, a team_member"

Task #11464 (closed)

Opened 11 years ago

Closed 11 years ago

Bug: Use os.path.basename on script Param path/names

Reported by: wmoore Owned by: wmoore
Priority: blocker Milestone: OMERO-4.4.9
Component: Scripting Version: n.a.
Keywords: n.a. Cc: bpindelski, jamoore
Resources: n.a. Referenced By: n.a.
References: n.a. Remaining Time: n.a.
Sprint: n.a.

Description

Any time a script parameter asks for a file name, E.g. In Figure scripts etc we have to check that it is a name only (doesn't have a path) since this path could lead to the file being written anywhere on the server machine (potentially overwriting other files).

Best to use os.path.basename(filename).

Need to check all our official scripts etc and keep it in mind for validating other scripts.

Change History (1)

comment:1 Changed 11 years ago by wmoore

  • Resolution set to fixed
  • Status changed from new to closed

https://github.com/ome/scripts/pull/39

Note: See TracTickets for help on using tickets. You may also have a look at Agilo extensions to the ticket.

1.3.13-PRO © 2008-2011 Agilo Software all rights reserved (this page was served in: 0.64234 sec.)

© 2000-2014 University of Dundee & Open Microscopy Environment. Creative Commons Attribution 3.0 Unported License
OME source code is available under the GNU General public license or through commercial license from Glencoe Software

We're Hiring!