
List:       kde-commits
Subject:    Re: kdeextragear-2/kile/kile [POSSIBLY UNSAFE]
From:       Frans Englich <frans.englich () telia ! com>
Date:       2004-08-25 20:22:46
Message-ID: 200408252022.46636.frans.englich () telia ! com

On Wednesday 25 August 2004 20:14, David Faure wrote:
> On Wednesday 25 August 2004 22:09, Jeroen Wijnhout wrote:
> > On Wednesday 25 August 2004 22:03, Jeroen Wijnhout wrote:
> > > CVS commit by wijnhout:
> > >
> > > o force using bash
> > > o some more debug info
> > >
> > >
> > >   M +4 -1      configtester.cpp   1.4 [POSSIBLY UNSAFE: KShellProcess]
> >
> > POSSIBLY UNSAFE, what the.. !?!?! Can anybody explain? (I'm not on this
> > list btw, however if you leave kile in the subject I should receive the
> > email, I think.)
> >
> > >          *m_process << "cd " + destdir + " && " << "cp " + srcdir +"/*
> > > " + destdir + " && " << "source runTests.sh " + m_resultsFile + " " +
> > > destdir; connect(m_process, SIGNAL(receivedStdout(KProcess *, char *,
> > > int)), this, SLOT(determineProgress(KProcess *, char *, int)));
>
> Imagine if destdir is "; rm -rf $HOME; echo"...
>
> Please use KProcess::quote() around any variable argument.

This sounds like something for:
http://developer.kde.org/documentation/other/mistakes.html

Isn't that fun to hear? :}


			Frans
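
The quoting fix suggested in the thread, as an added example that is not part of the original messages or of Kile's code: the command line from the commit is built with and without quoting, and a scanner counts how many commands a shell would see. `shellQuote()` is a plain-C++ stand-in for `KProcess::quote()`, and `buildCommand()`, `countCommands()` and the sample directory values are hypothetical names and constructed inputs.

```cpp
#include <iostream>
#include <string>

// Stand-in for KProcess::quote(): wrap in single quotes and rewrite each
// embedded ' as '\'' so the shell sees exactly one literal word.
std::string shellQuote(const std::string &arg) {
    std::string out = "'";
    for (char c : arg) {
        if (c == '\'') out += "'\\''";
        else out += c;
    }
    return out + "'";
}

// Build the command line from the commit; `quoted` selects whether the
// variable parts go through shellQuote() first.
std::string buildCommand(const std::string &srcdir, const std::string &destdir,
                         const std::string &resultsFile, bool quoted) {
    auto q = [quoted](const std::string &s) { return quoted ? shellQuote(s) : s; };
    // The glob stays outside the quotes so the shell still expands it.
    return "cd " + q(destdir) + " && cp " + q(srcdir) + "/* " + q(destdir) +
           " && source runTests.sh " + q(resultsFile) + " " + q(destdir);
}

// Simplified scanner (single quotes and backslash only): counts the commands
// a shell would run by counting unquoted ';' and "&&" separators.
int countCommands(const std::string &cmd) {
    int commands = 1;
    bool inSingle = false;
    for (std::size_t i = 0; i < cmd.size(); ++i) {
        char c = cmd[i];
        if (inSingle) { if (c == '\'') inSingle = false; continue; }
        if (c == '\'') inSingle = true;
        else if (c == '\\') ++i;  // skip the escaped character
        else if (c == ';') ++commands;
        else if (c == '&' && i + 1 < cmd.size() && cmd[i + 1] == '&') { ++commands; ++i; }
    }
    return commands;
}

int main() {
    const std::string dest = "x; echo INJECTED; echo";  // constructed sample input
    std::cout << countCommands(buildCommand("/src", dest, "res.txt", false)) << " vs "
              << countCommands(buildCommand("/src", dest, "res.txt", true)) << "\n";
}
```

Nothing is executed here; the program only builds the strings and counts separators, so the expected three commands become nine when `destdir` is concatenated unquoted and stay at three when it is quoted.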
