View Issue Details
|ID||Project||Category||View Status||Date Submitted||Last Update|
|0003391||Expressions||Bug||public||2018-03-24 10:28||2021-02-06 06:30|
|Summary||0003391: Array and dictionary lookup does not work in expressions|
|Description||See discussion on https://forum.freecadweb.org/viewtopic.php?f=3&t=26876#p214826|
|Tags||No tags attached.|
Is this a bug or a feature request?
As discussed in this post, it sounds like there is a true security bug related to this, but I don't fully understand how to reproduce the issue that results in the security vulnerability.
Can someone provide a step-by-step to reproduce the fix posted by triplus here, and describe how this leads to the security issue mentioned by elvind?
||@realthunder pardon, just wondering if your pending FreeCAD Pull Request 3062 addresses this ?|
||Yes, the PR addressed this. And it shall have completion support for that. And no, there won't be any security concern as mentioned in the referenced post, because I have already modified Expression/ObjectIdentifier to not use the Python interpreter.|
@realthunder wow, that's awesome news! There are other expression/spreadsheet issues here on the tracker. I wonder, and I want to be mindful of your time, if we can go through them and see if your PR also addresses them ?
Edit: If the PR does address and solve them, would it be possible to use the MantisBT wildcard triggers in the Git commit to remotely close said issues ?
||I'll go through them when I get time. But some of them may be fixed already in upstream. I can't modify the commit message there. Would it be enough for me to just refer to the relevant commit in the issue comment?|
||Extended indexing support is added with this commit in upstream.|
|2018-03-24 10:28||eivindkvedalen||New Issue|
|2018-03-24 10:28||eivindkvedalen||Status||new => assigned|
|2018-03-24 10:28||eivindkvedalen||Assigned To||=> eivindkvedalen|
|2019-12-03 04:29||ezzieyguywuf||Note Added: 0013858|
|2020-02-23 19:53||Kunda1||Note Added: 0014178|
|2020-02-23 21:47||realthunder||Note Added: 0014179|
|2020-02-23 23:03||Kunda1||Note Added: 0014180|
|2020-02-23 23:03||Kunda1||Assigned To||eivindkvedalen => realthunder|
|2020-02-23 23:05||Kunda1||Note Edited: 0014180|
|2020-02-24 01:53||realthunder||Note Added: 0014182|
|2020-02-27 05:56||realthunder||Note Added: 0014187|
|2021-02-06 06:30||abdullah||Target Version||=> 0.20|