Security: remove support for in KRun which could have allowed execution of malicious code. This is similar to issue TDE/tdelibs#45 for .desktop files.

Signed-off-by: Michele Calgaro <michele.calgaro@yahoo.it>

1 files changed, 1 insertions, 20 deletions

diff --git a/konqueror/konq_mainwindow.cc b/konqueror/konq_mainwindow.cc
index 4b8efaaf9..ff9d797cb 100644
--- a/konqueror/konq_mainwindow.cc
+++ b/konqueror/konq_mainwindow.cc
@@ -490,26 +490,7 @@ void KonqMainWindow::openURL( KonqView *_view, const KURL &_url,
 
       while( nDollarPos != -1 && nDollarPos+1 < static_cast<int>(aValue.length())) {
         // there is at least one $
-        if( (aValue)[nDollarPos+1] == '(' ) {
-          uint nEndPos = nDollarPos+1;
-          // the next character is no $
-          while ( (nEndPos <= aValue.length()) && (aValue[nEndPos]!=')') )
-              nEndPos++;
-          nEndPos++;
-          TQString cmd = aValue.mid( nDollarPos+2, nEndPos-nDollarPos-3 );
-
-          TQString result;
-          FILE *fs = popen(TQFile::encodeName(cmd).data(), "r");
-          if (fs)
-          {
-             {
-             TQTextStream ts(fs, IO_ReadOnly);
-             result = ts.read().stripWhiteSpace();
-             }
-             pclose(fs);
-          }
-          aValue.replace( nDollarPos, nEndPos-nDollarPos, result );
-        } else if( (aValue)[nDollarPos+1] != '$' ) {
+        if( (aValue)[nDollarPos+1] != '$' ) {
           uint nEndPos = nDollarPos+1;
           // the next character is no $
           TQString aVarName;