author | Michele Calgaro <michele.calgaro@yahoo.it> | 2020-02-16 13:17:11 +0900 |
---|---|---|
committer | Michele Calgaro <michele.calgaro@yahoo.it> | 2020-02-16 13:36:16 +0900 |
commit | ef4c56c613fab1124f9ddfdeab48fcbcc5f836e4 (patch) | |
tree | b84cec8af614cf57f9fd2fbb4e9f28f53243a46f /tdeio | |
parent | a781ccd72c1eae768b23edc16c9f8026cc106ca3 (diff) | |
download | tdelibs-ef4c56c613fab1124f9ddfdeab48fcbcc5f836e4.tar.gz tdelibs-ef4c56c613fab1124f9ddfdeab48fcbcc5f836e4.zip |
Security: remove support for $(...) in KRun which could have allowed
execution of malicious code. This is similar to issue #45 for .desktop
files.
Signed-off-by: Michele Calgaro <michele.calgaro@yahoo.it>
(cherry picked from commit 8b8f5064f7094a713a16ade3bf37d8efec601949)
Diffstat (limited to 'tdeio')
-rw-r--r-- | tdeio/tdeio/krun.cpp | 21 |
1 files changed, 1 insertions, 20 deletions
diff --git a/tdeio/tdeio/krun.cpp b/tdeio/tdeio/krun.cpp
index ccb638288..89c84952f 100644
--- a/tdeio/tdeio/krun.cpp
+++ b/tdeio/tdeio/krun.cpp
@@ -931,26 +931,7 @@ void KRun::init()
 while( nDollarPos != -1 && nDollarPos+1 < static_cast<int>(aValue.length())) {
 // there is at least one $
- if( (aValue)[nDollarPos+1] == '(' ) {
- uint nEndPos = nDollarPos+1;
- // the next character is no $
- while ( (nEndPos <= aValue.length()) && (aValue[nEndPos]!=')') )
- nEndPos++;
- nEndPos++;
- TQString cmd = aValue.mid( nDollarPos+2, nEndPos-nDollarPos-3 );
-
- TQString result;
- FILE *fs = popen(TQFile::encodeName(cmd).data(), "r");
- if (fs)
- {
- {
- TQTextStream ts(fs, IO_ReadOnly);
- result = ts.read().stripWhiteSpace();
- }
- pclose(fs);
- }
- aValue.replace( nDollarPos, nEndPos-nDollarPos, result );
- } else if( (aValue)[nDollarPos+1] != '$' ) {
+ if( (aValue)[nDollarPos+1] != '$' ) {
 uint nEndPos = nDollarPos+1;
 // the next character is no $
 TQString aVarName; |
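Review bot: Nothing at the rewritten condition `if( (aValue)[nDollarPos+1] != '$' )` records that `$(...)` is deliberately unsupported, so a later maintainer could restore the popen() branch as if it were a lost feature. I would add a comment directly above it, for example `// "$(cmd)" is intentionally NOT expanded: it ran a shell command taken from the value (arbitrary code execution).` A value containing `$(` now also enters this variable-name branch, because `'('` passes the `!= '$'` test. The rest of that branch and of KRun::init() lies outside the hunk, so what becomes of the `(cmd)` text is not visible here. A regression test should confirm that such input ends up as inert text and is not passed to a shell further on.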