[prev in list] [next in list] [prev in thread] [next in thread] 

List:       kde-commits
Subject:    Re: kdegraphics/kpdf/kpdf [POSSIBLY UNSAFE]
From:       Albert Astals Cid <tsdgeos () terra ! es>
Date:       2004-09-14 19:56:11
Message-ID: 200409142155.37535.tsdgeos () terra ! es
[Download RAW message or body]

A Dimarts 14 Setembre 2004 20:46, vàreu escriure:
> On Tuesday 14 September 2004 19:31, Albert Astals Cid wrote:
> > A Dimarts 14 Setembre 2004 13:35, vàreu escriure:
> > > On Tuesday 14 September 2004 00:20, Albert Astals Cid wrote:
> > > > CVS commit by aacid:
> > > >
> > > > Commiting first work on getting links to work.
> > > > ATM only links to web pages are tested, i would like to get pdf with
> > > > some weird links like the one that quits the app viewing it, or links
> > > > to external files, etc so i can test them.
> > > >
> > > >   M +26 -25    kpdf_pagewidget.cc   1.38
> > > >   M +240 -70   kpdf_part.cpp   1.78 [POSSIBLY UNSAFE: system]
> > > >   M +2 -2      kpdf_part.h   1.35
> > >
> > > I have strong doubts about this system() call in there. Can you
> > > elaborate on what it is supposed to do?
> >
> > There are links in pdf that contain a command and some parameters (i have
> > no pdf with that, but is what i get from reading the xpdf code), in case
> > the user agrees to execute the command + parameters i execute them using
> > system (again is what xpdf does)
>
> I don't think it's a good idea to copy that feature. It's a wide open
> invitation for worms/viri to entice users to run all kinds of creative crap
> and there is hardly any legitimate use for such feature. Please leave it
> out.

What problem do you have with it?

I ask something along the lines of

"Do you want to execute %1" where %1 is the command plus the arguments

I don't see any problem with that. Is the user who decides if he wants to 
execute the program or not.

Albert

>
> Cheers,
> Waldo

[prev in list] [next in list] [prev in thread] [next in thread]