diff options
| author | Michele Calgaro <michele.calgaro@yahoo.it> | 2020-02-16 13:17:11 +0900 |
|---|---|---|
| committer | Slávek Banko <slavek.banko@axis.cz> | 2021-02-03 21:17:42 +0100 |
| commit | 58b490adcc54db979c2145600fafe80ee843bcba (patch) | |
| tree | fecabd90d92860b2c37a60922426c4e1a9c59503 /kio | |
| parent | 5523d65792d5ce500bca091e8590fe84592d54a6 (diff) | |
| download | tdelibs-58b490adcc54db979c2145600fafe80ee843bcba.tar.gz tdelibs-58b490adcc54db979c2145600fafe80ee843bcba.zip | |
Security: remove support for $(...) in KRun which could have allowed
execution of malicious code. This is similar to issue #45 for .desktop
files.
Signed-off-by: Michele Calgaro <michele.calgaro@yahoo.it>
(cherry picked from commit 8b8f5064f7094a713a16ade3bf37d8efec601949)
Diffstat (limited to 'kio')
| -rw-r--r-- | kio/kio/krun.cpp | 21 |
1 files changed, 1 insertions, 20 deletions
diff --git a/kio/kio/krun.cpp b/kio/kio/krun.cpp index 9669a27c6..7b278d2cd 100644 --- a/kio/kio/krun.cpp +++ b/kio/kio/krun.cpp @@ -931,26 +931,7 @@ void KRun::init() while( nDollarPos != -1 && nDollarPos+1 < static_cast<int>(aValue.length())) { // there is at least one $ - if( (aValue)[nDollarPos+1] == '(' ) { - uint nEndPos = nDollarPos+1; - // the next character is no $ - while ( (nEndPos <= aValue.length()) && (aValue[nEndPos]!=')') ) - nEndPos++; - nEndPos++; - TQString cmd = aValue.mid( nDollarPos+2, nEndPos-nDollarPos-3 ); - - TQString result; - FILE *fs = popen(TQFile::encodeName(cmd).data(), "r"); - if (fs) - { - { - TQTextStream ts(fs, IO_ReadOnly); - result = ts.read().stripWhiteSpace(); - } - pclose(fs); - } - aValue.replace( nDollarPos, nEndPos-nDollarPos, result ); - } else if( (aValue)[nDollarPos+1] != '$' ) { + if( (aValue)[nDollarPos+1] != '$' ) { uint nEndPos = nDollarPos+1; // the next character is no $ TQString aVarName; |