@@ -794,8 +794,10 @@ bool StelScriptMgr::runPreprocessedScript(const QString &preprocessedScript, con
794794bool StelScriptMgr::runScript (const QString& fileName, const QString& includePath)
795795{
796796 QString preprocessedScript;
797- prepareScript (preprocessedScript,fileName,includePath);
798- return runPreprocessedScript (preprocessedScript,fileName);
797+ if (prepareScript (preprocessedScript,fileName,includePath))
798+ return runPreprocessedScript (preprocessedScript,fileName);
799+ else
800+ return false ;
799801}
800802
801803bool StelScriptMgr::runScriptDirect (const QString scriptId, const QString &scriptCode, int &errLoc, const QString& includePath)
@@ -820,9 +822,20 @@ bool StelScriptMgr::runScriptDirect(const QString& scriptCode, const QString &in
820822bool StelScriptMgr::prepareScript ( QString &script, const QString &fileName, const QString &includePath)
821823{
822824 QString absPath;
825+ const bool okToRunScriptFromAbsolutePath=StelApp::getInstance ().getSettings ()->value (" scripts/flag_script_allow_absolute_path" , false ).toBool ();
823826
824827 if (QFileInfo (fileName).isAbsolute ())
825- absPath = fileName;
828+ {
829+ // Absolute paths may bear a security risk. We need a flag to allow them!
830+ if (okToRunScriptFromAbsolutePath)
831+ absPath = fileName;
832+ else
833+ {
834+ qWarning () << " SCRIPTING CONFIGURATION ISSUE: You are trying to run a script from absolute pathname." ;
835+ qWarning () << " To enable this, edit config.ini and set [scripts]/flag_script_allow_absolute_path=true" ;
836+ return false ;
837+ }
838+ }
826839 else
827840 absPath = StelFileMgr::findFile (" scripts/" + fileName);
828841
0 commit comments