summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMichele Calgaro <michele.calgaro@yahoo.it>2020-02-16 13:17:11 +0900
committerMichele Calgaro <michele.calgaro@yahoo.it>2020-02-16 13:36:16 +0900
commitef4c56c613fab1124f9ddfdeab48fcbcc5f836e4 (patch)
treeb84cec8af614cf57f9fd2fbb4e9f28f53243a46f
parenta781ccd72c1eae768b23edc16c9f8026cc106ca3 (diff)
downloadtdelibs-ef4c56c613fab1124f9ddfdeab48fcbcc5f836e4.tar.gz
tdelibs-ef4c56c613fab1124f9ddfdeab48fcbcc5f836e4.zip
Security: remove support for $(...) in KRun which could have allowed
execution of malicious code. This is similar to issue #45 for .desktop files. Signed-off-by: Michele Calgaro <michele.calgaro@yahoo.it> (cherry picked from commit 8b8f5064f7094a713a16ade3bf37d8efec601949)
-rw-r--r--tdeio/tdeio/krun.cpp21
1 files changed, 1 insertions, 20 deletions
diff --git a/tdeio/tdeio/krun.cpp b/tdeio/tdeio/krun.cpp
index ccb638288..89c84952f 100644
--- a/tdeio/tdeio/krun.cpp
+++ b/tdeio/tdeio/krun.cpp
@@ -931,26 +931,7 @@ void KRun::init()
while( nDollarPos != -1 && nDollarPos+1 < static_cast<int>(aValue.length())) {
// there is at least one $
- if( (aValue)[nDollarPos+1] == '(' ) {
- uint nEndPos = nDollarPos+1;
- // the next character is no $
- while ( (nEndPos <= aValue.length()) && (aValue[nEndPos]!=')') )
- nEndPos++;
- nEndPos++;
- TQString cmd = aValue.mid( nDollarPos+2, nEndPos-nDollarPos-3 );
-
- TQString result;
- FILE *fs = popen(TQFile::encodeName(cmd).data(), "r");
- if (fs)
- {
- {
- TQTextStream ts(fs, IO_ReadOnly);
- result = ts.read().stripWhiteSpace();
- }
- pclose(fs);
- }
- aValue.replace( nDollarPos, nEndPos-nDollarPos, result );
- } else if( (aValue)[nDollarPos+1] != '$' ) {
+ if( (aValue)[nDollarPos+1] != '$' ) {
uint nEndPos = nDollarPos+1;
// the next character is no $
TQString aVarName;