List: kde-commits
Subject: Re: quanta/quanta/plugins [POSSIBLY UNSAFE]
From: Oswald Buddenhagen <ossi () kde ! org>
Date: 2002-12-09 1:46:31
On Sun, Dec 08, 2002 at 11:46:52AM +0100, Andras Mantia wrote:
> CVS commit by amantia:
>
> Handle multiple arguments a little better.
>
> --- quanta/quanta/plugins/quantacmdplugin.cpp 1.11:
> @@ -79,5 +79,14 @@ bool QuantaCmdPlugin::load()
> QString args = arguments();
> if (!args.isEmpty())
> - args = KProcess::quote(args);
> + {
> + //FIXME: This will not work if the arguments contain spaces, but will
> + //do it for now, until the plugin system is corrected
> + QStringList argsList = QStringList::split(" ", args);
> + args = "";
> + for (uint i = 0; i < argsList.count(); i++)
> + {
> + args += KProcess::quote(argsList[i])+" ";
> + }
> + }
>
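Review bot: splitting `args` on a single space before quoting (the `QStringList::split(" ", args)` line) discards any quoting the user typed: an argument entered as `"My Page"` is cut into two words, and its quote characters are then passed on as literal text, which the FIXME already concedes. The loop also leaves a trailing space on `args`. Suggest carrying the arguments as a QStringList from the point where they are entered and quoting each entry as a whole, or, if the string is trusted user input, passing it through without quoting.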
this looks half-baked.
either you trust your input and therefore expect it to be properly
quoted or you don't trust it and expect it to be already a QStringList
whose entries should be quoted as a whole.
with the current implementation you prevent properly quoted strings from
being treated as such. so if this is not security-relevant (usually it
makes sense to trust the own user), it would be sensible to revert this
to no quoting at all.
greetings
--
Hi! I'm a .signature virus! Copy me into your ~/.signature, please!
--
Chaos, panic, and disorder - my work here is done.
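
The options weighed in this message, compared side by side as an added example (not code from Quanta or from either poster). `shellQuote` is an assumed stand-in for `KProcess::quote`, `shellWords` is a deliberately minimal model of shell word splitting, and the sample arguments are constructed:

```cpp
#include <iostream>
#include <sstream>
#include <string>
#include <vector>
using Words = std::vector<std::string>;

// Assumed stand-in for KProcess::quote: single-quote s, escaping embedded '.
std::string shellQuote(const std::string &s) {
    std::string out = "'";
    for (char c : s) out += (c == '\'') ? std::string("'\\''") : std::string(1, c);
    return out + "'";
}

// Minimal sh-style word splitting (quotes and backslash only), to show the
// argv a shell would build from a command line. Not a full shell parser.
Words shellWords(const std::string &line) {
    Words words; std::string cur; bool inWord = false; char quote = 0;
    for (size_t i = 0; i < line.size(); ++i) {
        char c = line[i];
        if (quote) { if (c == quote) quote = 0; else cur += c; }
        else if (c == '\'' || c == '"') { quote = c; inWord = true; }
        else if (c == '\\' && i + 1 < line.size()) { cur += line[++i]; inWord = true; }
        else if (c == ' ') { if (inWord) words.push_back(cur); cur.clear(); inWord = false; }
        else { cur += c; inWord = true; }
    }
    if (inWord) words.push_back(cur);
    return words;
}

// The committed approach: split the string on spaces, quote every piece.
std::string splitThenQuote(const std::string &args) {
    std::istringstream in(args); std::string tok, out;
    while (std::getline(in, tok, ' ')) if (!tok.empty()) out += shellQuote(tok) + " ";
    return out;
}

// The list approach from the reply: each entry is quoted as a whole.
std::string quoteList(const Words &list) {
    std::string out;
    for (const auto &a : list) out += shellQuote(a) + " ";
    return out;
}

int main() {
    const std::string typed = "--title \"My Page\" -v";  // constructed sample input
    const Words list = {"--title", "My Page", "-v"};     // same arguments as a list
    for (const auto &cmd : Words{typed, shellQuote(typed), splitThenQuote(typed), quoteList(list)}) {
        std::cout << cmd << "\n";
        for (const auto &w : shellWords(cmd)) std::cout << "    [" << w << "]\n";
    }
}
```

Only the unquoted string and the per-entry list keep `My Page` as one argument; the split-then-quote form yields four words with literal quote characters, and quoting the whole string yields a single word.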