Index: openacs-4/packages/acs-mail-lite/tcl/email-inbound-procs.tcl =================================================================== RCS file: /usr/local/cvsroot/openacs-4/packages/acs-mail-lite/tcl/email-inbound-procs.tcl,v diff -u -N -r1.15.2.4 -r1.15.2.5 --- openacs-4/packages/acs-mail-lite/tcl/email-inbound-procs.tcl 10 Aug 2019 14:45:54 -0000 1.15.2.4 +++ openacs-4/packages/acs-mail-lite/tcl/email-inbound-procs.tcl 16 Nov 2019 16:54:06 -0000 1.15.2.5 @@ -606,7 +606,7 @@ set header $h2 } set value [string trim [string range $row $c_idx+1 end]] - # string match from proc safe_eval + # string match from proc ad_safe_eval if { ![string match {*[\[;]*} $value ] } { # 'append' is used instead of 'set' in # the rare case that there's a glitch Index: openacs-4/packages/acs-mail-lite/tcl/imap-inbound-procs.tcl =================================================================== RCS file: /usr/local/cvsroot/openacs-4/packages/acs-mail-lite/tcl/imap-inbound-procs.tcl,v diff -u -N -r1.8.2.1 -r1.8.2.2 --- openacs-4/packages/acs-mail-lite/tcl/imap-inbound-procs.tcl 1 Jul 2019 17:02:45 -0000 1.8.2.1 +++ openacs-4/packages/acs-mail-lite/tcl/imap-inbound-procs.tcl 16 Nov 2019 16:54:06 -0000 1.8.2.2 @@ -647,7 +647,7 @@ -struct_list $struct_list] if { !$error_p && [string match {[a-z]*_[a-z]*} $filter_proc] } { - set hdrs_arr(aml_package_ids_list) [safe_eval ${filter_proc}] + set hdrs_arr(aml_package_ids_list) [ad_safe_eval ${filter_proc}] } if { !$error_p } { Index: openacs-4/packages/acs-mail-lite/tcl/maildir-inbound-procs.tcl =================================================================== RCS file: /usr/local/cvsroot/openacs-4/packages/acs-mail-lite/tcl/maildir-inbound-procs.tcl,v diff -u -N -r1.8 -r1.8.2.1 --- openacs-4/packages/acs-mail-lite/tcl/maildir-inbound-procs.tcl 14 Jun 2018 22:16:08 -0000 1.8 +++ openacs-4/packages/acs-mail-lite/tcl/maildir-inbound-procs.tcl 16 Nov 2019 16:54:06 -0000 1.8.2.1 @@ -133,7 +133,7 @@ -header_array_name hdrs_arr if { [string match {[a-z]*_[a-z]*} $filter_proc] } { - set hdrs_arr(aml_package_ids_list) [safe_eval ${filter_proc}] + set hdrs_arr(aml_package_ids_list) [ad_safe_eval ${filter_proc}] } set id [acs_mail_lite::inbound_queue_insert \ Index: openacs-4/packages/acs-outdated/tcl/acs-tcl-procs.tcl =================================================================== RCS file: /usr/local/cvsroot/openacs-4/packages/acs-outdated/tcl/acs-tcl-procs.tcl,v diff -u -N -r1.4 -r1.4.2.1 --- openacs-4/packages/acs-outdated/tcl/acs-tcl-procs.tcl 9 May 2018 15:33:28 -0000 1.4 +++ openacs-4/packages/acs-outdated/tcl/acs-tcl-procs.tcl 16 Nov 2019 16:54:06 -0000 1.4.2.1 @@ -4,7 +4,7 @@ } { set lmap [list] foreach item $list { - lappend lmap [safe_eval $proc_name $item] + lappend lmap [ad_safe_eval $proc_name $item] } return $lmap } Index: openacs-4/packages/acs-tcl/tcl/utilities-procs.tcl =================================================================== RCS file: /usr/local/cvsroot/openacs-4/packages/acs-tcl/tcl/utilities-procs.tcl,v diff -u -N -r1.189.2.33 -r1.189.2.34 --- openacs-4/packages/acs-tcl/tcl/utilities-procs.tcl 14 Nov 2019 08:24:21 -0000 1.189.2.33 +++ openacs-4/packages/acs-tcl/tcl/utilities-procs.tcl 16 Nov 2019 16:54:06 -0000 1.189.2.34 @@ -1305,13 +1305,23 @@ return [uplevel $func_and_args] } -ad_proc -public safe_eval args { - Version of eval that checks its arguments for brackets - that may be used to execute unsafe code. +ad_proc -public -deprecated safe_eval args { + Deprecated version of ad_safe_eval + @see ad_safe_eval } { + return [ad_safe_eval {*}$args] +} + +ad_proc -public ad_safe_eval args { + + Version of "eval" that checks its arguments for brackets that may be + used to execute unsafe code. There are actually better ways in Tcl + to achive this, but it is kept for backwards compatibility. + +} { foreach arg $args { if { [string match {*[\[;]*} $arg] } { - return -code error "Unsafe argument to safe_eval: $arg" + return -code error "Unsafe argument to ad_safe_eval: $arg" } } return [ad_apply uplevel $args]