From kde-commits Tue Sep 14 19:56:11 2004 From: Albert Astals Cid Date: Tue, 14 Sep 2004 19:56:11 +0000 To: kde-commits Subject: Re: kdegraphics/kpdf/kpdf [POSSIBLY UNSAFE] Message-Id: <200409142155.37535.tsdgeos () terra ! es> X-MARC-Message: https://marc.info/?l=kde-commits&m=109519180403276 A Dimarts 14 Setembre 2004 20:46, vàreu escriure: > On Tuesday 14 September 2004 19:31, Albert Astals Cid wrote: > > A Dimarts 14 Setembre 2004 13:35, vàreu escriure: > > > On Tuesday 14 September 2004 00:20, Albert Astals Cid wrote: > > > > CVS commit by aacid: > > > > > > > > Commiting first work on getting links to work. > > > > ATM only links to web pages are tested, i would like to get pdf with > > > > some weird links like the one that quits the app viewing it, or links > > > > to external files, etc so i can test them. > > > > > > > > M +26 -25 kpdf_pagewidget.cc 1.38 > > > > M +240 -70 kpdf_part.cpp 1.78 [POSSIBLY UNSAFE: system] > > > > M +2 -2 kpdf_part.h 1.35 > > > > > > I have strong doubts about this system() call in there. Can you > > > elaborate on what it is supposed to do? > > > > There are links in pdf that contain a command and some parameters (i have > > no pdf with that, but is what i get from reading the xpdf code), in case > > the user agrees to execute the command + parameters i execute them using > > system (again is what xpdf does) > > I don't think it's a good idea to copy that feature. It's a wide open > invitation for worms/viri to entice users to run all kinds of creative crap > and there is hardly any legitimate use for such feature. Please leave it > out. What problem do you have with it? I ask something along the lines of "Do you want to execute %1" where %1 is the command plus the arguments I don't see any problem with that. Is the user who decides if he wants to execute the program or not. Albert > > Cheers, > Waldo