List: kde-commits
Subject: quanta [POSSIBLY UNSAFE]
From: Andras Mantia <amantia () freemail ! hu>
Date: 2002-12-08 10:01:09
CVS commit by amantia:
Security fix; execution of command line type plugins fixed.
M +1 -0 ChangeLog 1.99
M +9 -6 quanta/plugins/quantacmdplugin.cpp 1.10 [POSSIBLY UNSAFE: setUseShell]
M +1 -1 quanta/plugins/quantakpartplugin.cpp 1.12
--- quanta/ChangeLog 1.99:
@@ -16,4 +16,5 @@ Verions 3.2-CVS-1 (Release Date: xx-xx-2
correctly on the next startup of Quanta, slowing it down
- autoselect the renamed files in the Upload Project dialog
+ - security fixes
- synched the File and Grep dialog code with Kate
- learning of unknown, user entered tags (and functions)
--- quanta/quanta/plugins/quantacmdplugin.cpp 1.10:
@@ -74,7 +74,10 @@ bool QuantaCmdPlugin::load()
return FALSE;
- m_process = new KShellProcess;
+ m_process = new KProcess;
+ m_process->setUseShell(true);
QString args = arguments();
+ if (!args.isEmpty())
+ args = KProcess::quote(args);
/* TODO
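Review bot: Wrapping the whole string in `args = KProcess::quote(args);` presumably makes the shell treat everything returned by `arguments()` as one word, so a plugin configured with several options would receive them as a single argument. The FIXME about tokenizing in the later hunk of this file points at the same gap. Because the shell is only involved through `m_process->setUseShell(true);`, the more robust shape is either to split `args` into tokens and quote each one before appending, or to leave shell mode off and append every token as its own element so that no shell parsing takes place. What `arguments()` can contain is not visible here, so confirm whether multi-argument values occur; load() begins and continues outside this hunk.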
@@ -87,5 +90,5 @@ bool QuantaCmdPlugin::load()
if(loc.isEmpty())
{
- const char *fn = QFile::encodeName(fileName());
+ QString fn = fileName();
KStandardDirs *dirs = QuantaCommon::pluginDirs("exe");
loc = dirs->findResource("exe", fn);
@@ -101,10 +104,10 @@ bool QuantaCmdPlugin::load()
{
QString kon = locate("exe", "konsole");
- *m_process << kon << "-e" << loc;
+ *m_process << kon << "-e " << KProcess::quote(loc);
*m_process << args; // FIXME : Do we need to tokenize arguments here?
}
else if(ow == i18n("Message Window"))
{
- *m_process << loc << args;
+ *m_process << KProcess::quote(loc) << args;
}
else
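Review bot: On the konsole line `kon` is appended unquoted while `loc` right next to it goes through `KProcess::quote`, and with shell mode enabled every element presumably ends up in the command line the shell parses. Quote it the same way, `*m_process << KProcess::quote(kon) << "-e" << KProcess::quote(loc);`, so that an install path containing spaces or shell metacharacters cannot be split or reinterpreted. The trailing space in `"-e "` only works because the shell re-splits the line and would become a malformed option if shell mode were ever switched off. The final `else` branch continues outside the hunk, so check that it quotes `loc` as well.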