"test mode" can tab-complete local file names

[GoogleCodeExporter]

When running in test mode with -t, it blocks access to local executables and 
has a suitably bogus $PWD, but using tab-completion can still expose local file 
names. It can also be used to examine the filesystem using ../.

It's my understanding that test mode is supposed to be completely isolated from 
IO, and the real world in general, so this probably shouldn't happen.

{{{
$ ./cabal-dev/bin/plush -t
# ls
Unknown command: ls
# echo $PWD
/home
# <TAB>
.plush.cabal.swp  tests             src               admin             
alltests.sh       .git              LICENSE           .gitignore
NOTES             dist              README            data              
plush.cabal       TODO              cabal-dev         static
# ../<TAB>
trunk  0.2
}}}

Original issue reported on code.google.com by mzero@google.com on 20 Jul 2012 at 10:26

[GoogleCodeExporter]

Original comment by m...@glyphic.com on 28 Nov 2012 at 5:28

• Changed state: New

[GoogleCodeExporter]

Original comment by mzero@google.com on 29 Dec 2012 at 1:17

• Added labels: Priority-Low
• Removed labels: Priority-Medium