How does Bugzilla operate
ambassador at fourthworld.com
Wed Jan 12 18:12:29 EST 2005
Sarah Reichelt wrote:
>> On Dec 18, 2004 I reported a problem that became bug 2477. I created a
>> stack that reliably demonstrated the problem and posted it for download.
>> In Rev 2.2.1 I could create a graphic with a script. The technique
>> worked great in both the development environment and in standalones.
>> In Rev 2.5 the procedure doesn't work. I rewrote the code so a
>> graphic with the proper script is clones rather than created. This
>> revision worked great in the development environment and FAILS in the
> Hi Burton,
> Checking your example stack, it creates the graphic perfectly, but fails
> to assign the script to it because you set the stack to be password
> protected in the standalone settings. I can't understand why creating
> the graphic worked, but I guess the password protection only applies to
A bug was introduced in v2.5 while addressing a potential security
issue: the clone command should rightfully prevent objects from being
cloned from a password-protected stack to any other stack, as the
destination stack may not be password-protected and thus leave any
script in that object exposed in the new stack.
However this seems to have been addressed with a touch of overkill: in
v2.5 the ability to clone objects within a password-protected stack has
apparently be disabled, as has the ability to clone a password-protected
stack itself. Neither of these two circumstances pose a security
exposure, so the older behavior of allowing the clone should be restored
for these, while keeping the one case that is an exposure (cloning out
of a password-protected stack).
These were reported in Bugzilla, and if memory serves were slated to be
addressed in the next release. I can't find the Bugzilla item now, so I
don't know the current status.
Fourth World Media Corporation
Rev tools and more: http://www.fourthworld.com/rev
More information about the Use-livecode