Fix comment.

a smaller part of CURA-7404
Remco Burema 2020-04-28 13:28:02 +02:00
parent 242e0d403e
commit aaee651369
No known key found for this signature in database
GPG key ID: 215C49431D43F98C


@ -158,12 +158,11 @@ class PostProcessingPlugin(QObject, Extension):
def loadScripts(self, path: str) -> None:
if ApplicationMetadata.IsEnterpriseVersion:
# Delete all __pycache__ not in installation folder, as it presents a security risk.
# Also it prevents this very strange scenario:
# Delete all __pycache__ not in installation folder, as it may present a security risk.
# It prevents this very strange scenario (should already be prevented on enterprise because signed-fault):
# - Copy an existing script from the postprocessing-script folder to the appdata scripts folder.
# - Also copy the entire __pycache__ folder from the first to the last location.
# - Leave the __pycache__ as is, but write maliscous code just before the class begins.
# It's important to edit the script _after_ the pycache folder has been copied!
# - Leave the __pycache__ as is, but write malicious code just before the class begins.
# - It'll execute, despite that the script has not been signed.
# It's not known if these reproduction steps are minimal, but it does at least happen in this case.
install_prefix = os.path.abspath(CuraApplication.getInstance().getInstallPrefix())