GitHub-Proxy/Cura
1
0
Fork 0
mirror of https://git.mirrors.martin98.com/https://github.com/Ultimaker/Cura synced 2025-08-12 03:29:00 +08:00
Code Issues Packages Projects Releases Wiki Activity

Fix comment.

Browse Source 
a smaller part of CURA-7404
This commit is contained in:
Remco Burema 2020-04-28 13:28:02 +02:00
parent 242e0d403e
commit aaee651369
No known key found for this signature in database
GPG Key ID: 215C49431D43F98C
1 changed files with 3 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
plugins/PostProcessingPlugin/PostProcessingPlugin.py
View File

@ -158,12 +158,11 @@ class PostProcessingPlugin(QObject, Extension):
def loadScripts(self, path: str) -> None:
if ApplicationMetadata.IsEnterpriseVersion:
# Delete all __pycache__ not in installation folder, as it presents a security risk.
# Also it prevents this very strange scenario:
# Delete all __pycache__ not in installation folder, as it may present a security risk.
# It prevents this very strange scenario (should already be prevented on enterprise because signed-fault):
# - Copy an existing script from the postprocessing-script folder to the appdata scripts folder.
# - Also copy the entire __pycache__ folder from the first to the last location.
# - Leave the __pycache__ as is, but write maliscous code just before the class begins.
# It's important to edit the script _after_ the pycache folder has been copied!
# - Leave the __pycache__ as is, but write malicious code just before the class begins.
# - It'll execute, despite that the script has not been signed.
# It's not known if these reproduction steps are minimal, but it does at least happen in this case.
install_prefix = os.path.abspath(CuraApplication.getInstance().getInstallPrefix())