[prev in list] [next in list] [prev in thread] [next in thread]
List: kde-commits
Subject: Re: kdegraphics/kpdf/kpdf [POSSIBLY UNSAFE]
From: Waldo Bastian <bastian () kde ! org>
Date: 2004-09-14 18:46:51
Message-ID: 200409142046.55385.bastian () kde ! org
[Download RAW message or body]
On Tuesday 14 September 2004 19:31, Albert Astals Cid wrote:
> A Dimarts 14 Setembre 2004 13:35, vàreu escriure:
> > On Tuesday 14 September 2004 00:20, Albert Astals Cid wrote:
> > > CVS commit by aacid:
> > >
> > > Commiting first work on getting links to work.
> > > ATM only links to web pages are tested, i would like to get pdf with
> > > some weird links like the one that quits the app viewing it, or links
> > > to external files, etc so i can test them.
> > >
> > > M +26 -25 kpdf_pagewidget.cc 1.38
> > > M +240 -70 kpdf_part.cpp 1.78 [POSSIBLY UNSAFE: system]
> > > M +2 -2 kpdf_part.h 1.35
> >
> > I have strong doubts about this system() call in there. Can you elaborate
> > on what it is supposed to do?
>
> There are links in pdf that contain a command and some parameters (i have
> no pdf with that, but is what i get from reading the xpdf code), in case
> the user agrees to execute the command + parameters i execute them using
> system (again is what xpdf does)
I don't think it's a good idea to copy that feature. It's a wide open
invitation for worms/viri to entice users to run all kinds of creative crap
and there is hardly any legitimate use for such feature. Please leave it out.
Cheers,
Waldo
--
bastian@kde.org | Novell BrainShare Europe 2004 | bastian@suse.com
bastian@kde.org | 12-18 September, Barcelona, Spain | bastian@suse.com
[Attachment #3 (application/pgp-signature)]
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic