[prev in list] [next in list] [prev in thread] [next in thread]
List: kde-commits
Subject: kdebase/kicker/buttons
From: Dirk Mueller <mueller () kde ! org>
Date: 2003-09-19 18:08:35
[Download RAW message or body]
CVS commit by mueller:
security fix: don't execute filename that was dropped on the button.
M +3 -2 nonkdeappbutton.cpp 1.8
--- kdebase/kicker/buttons/nonkdeappbutton.cpp #1.7:1.8
@@ -30,4 +30,5 @@ CONNECTION WITH THE SOFTWARE OR THE USE
#include <kglobal.h>
#include <krun.h>
+#include <kprocess.h>
#include <kmessagebox.h>
#include <klocale.h>
@@ -103,8 +104,8 @@ void NonKDEAppButton::dropEvent(QDropEve
KDesktopFile deskFile(url.path());
deskFile.setDesktopGroup();
- execStr += deskFile.readURL() + " ";
+ execStr += KProcess::quote(deskFile.readURL()) + " ";
}
else
- execStr += url.path() + " ";
+ execStr += KProcess::quote(url.path()) + " ";
}
bool result;
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic