[prev in list] [next in list] [prev in thread] [next in thread]
List: kde-commits
Subject: Re: kdegraphics/kpdf/kpdf [POSSIBLY UNSAFE]
From: Albert Astals Cid <tsdgeos () terra ! es>
Date: 2004-09-14 19:56:11
Message-ID: 200409142155.37535.tsdgeos () terra ! es
[Download RAW message or body]
A Dimarts 14 Setembre 2004 20:46, vàreu escriure:
> On Tuesday 14 September 2004 19:31, Albert Astals Cid wrote:
> > A Dimarts 14 Setembre 2004 13:35, vàreu escriure:
> > > On Tuesday 14 September 2004 00:20, Albert Astals Cid wrote:
> > > > CVS commit by aacid:
> > > >
> > > > Commiting first work on getting links to work.
> > > > ATM only links to web pages are tested, i would like to get pdf with
> > > > some weird links like the one that quits the app viewing it, or links
> > > > to external files, etc so i can test them.
> > > >
> > > > M +26 -25 kpdf_pagewidget.cc 1.38
> > > > M +240 -70 kpdf_part.cpp 1.78 [POSSIBLY UNSAFE: system]
> > > > M +2 -2 kpdf_part.h 1.35
> > >
> > > I have strong doubts about this system() call in there. Can you
> > > elaborate on what it is supposed to do?
> >
> > There are links in pdf that contain a command and some parameters (i have
> > no pdf with that, but is what i get from reading the xpdf code), in case
> > the user agrees to execute the command + parameters i execute them using
> > system (again is what xpdf does)
>
> I don't think it's a good idea to copy that feature. It's a wide open
> invitation for worms/viri to entice users to run all kinds of creative crap
> and there is hardly any legitimate use for such feature. Please leave it
> out.
What problem do you have with it?
I ask something along the lines of
"Do you want to execute %1" where %1 is the command plus the arguments
I don't see any problem with that. Is the user who decides if he wants to
execute the program or not.
Albert
>
> Cheers,
> Waldo
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic