From 0ec47c9802bb82560c0c11768cc61bae7bfc29c3 Mon Sep 17 00:00:00 2001
From: "Rebecca N. Palmer" <rebecca_palmer@zoho.com>
Date: Tue, 18 Oct 2016 22:35:10 +0100
Subject: [PATCH] Simplify Nasal security code

---
 src/Main/globals.cxx | 1 +
 src/Main/globals.hxx | 8 +++++++-
 src/Main/util.cxx    | 7 +------
 3 files changed, 9 insertions(+), 7 deletions(-)

diff --git a/src/Main/globals.cxx b/src/Main/globals.cxx
index 8446a4573..ecbf5ffab 100644
--- a/src/Main/globals.cxx
+++ b/src/Main/globals.cxx
@@ -472,6 +472,7 @@ void FGGlobals::append_aircraft_path(const SGPath& path)
   }
 
   fg_aircraft_dirs.push_back(dirPath.realpath());
+  extra_read_allowed_paths.push_back(dirPath.realpath());
 }
 
 void FGGlobals::append_aircraft_paths(const PathList& paths)
diff --git a/src/Main/globals.hxx b/src/Main/globals.hxx
index eec8128ae..104d288d9 100644
--- a/src/Main/globals.hxx
+++ b/src/Main/globals.hxx
@@ -258,7 +258,13 @@ public:
     void set_catalog_aircraft_path(const SGPath& path);
 
     PathList get_aircraft_paths() const;
-
+    /**
+     * Add an aircraft directory
+     *
+     * This also makes the path Nasal-readable:
+     * to avoid can-read-any-file security holes, do NOT call this on paths
+     * obtained from the property tree or other Nasal-writable places
+     */ 
     void append_aircraft_path(const SGPath& path);
     void append_aircraft_paths(const PathList& path);
     
diff --git a/src/Main/util.cxx b/src/Main/util.cxx
index 8ef85b551..fb0a1668e 100644
--- a/src/Main/util.cxx
+++ b/src/Main/util.cxx
@@ -93,12 +93,7 @@ void fgInitAllowedPaths()
     read_allowed_paths.clear();
     write_allowed_paths.clear();
 
-    const PathList& aircraft_paths = globals->get_aircraft_paths();
-    const PathList& other_read_paths = globals->get_extra_read_allowed_paths();
-    // not plain fg_scenery, to avoid making
-    // /sim/terrasync/scenery-dir a security hole
-    PathList read_paths = aircraft_paths;
-    read_paths.insert(read_paths.end(), other_read_paths.begin(), other_read_paths.end());
+    PathList read_paths = globals->get_extra_read_allowed_paths();
     read_paths.push_back(globals->get_fg_root());
     read_paths.push_back(globals->get_fg_home());