forked from pool/xdg-utils
51 lines
2.0 KiB
Diff
51 lines
2.0 KiB
Diff
|
From: Jiri Slaby <jslaby@suse.cz>
|
||
|
Date: Mon, 20 May 2013 13:53:04 +0200
|
||
|
Subject: xdg-open: be more paranoid in escaping
|
||
|
Patch-mainline: not yet, submitted 2013/05/20
|
||
|
References: bnc#811959
|
||
|
|
||
|
When trying to open URLs like:
|
||
|
http://www.google.com/search?hl=en&q=HTTP+'M-SEARCH * HTTP/1.1\r\n'
|
||
|
we fail terribly in the generic case. \r and \n are replaced by line
|
||
|
feed+CR, * is replaced by the contents of the current directory.
|
||
|
|
||
|
So escape all those before used and expanded by sed. And also later
|
||
|
when invoking.
|
||
|
|
||
|
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
|
||
|
---
|
||
|
scripts/xdg-open.in | 14 +++++++-------
|
||
|
1 file changed, 7 insertions(+), 7 deletions(-)
|
||
|
|
||
|
diff --git a/scripts/xdg-open.in b/scripts/xdg-open.in
|
||
|
index eda1cfb..0934142 100644
|
||
|
--- a/scripts/xdg-open.in
|
||
|
+++ b/scripts/xdg-open.in
|
||
|
@@ -135,16 +135,16 @@ search_desktop_file()
|
||
|
command="`grep -E "^Exec(\[[^]=]*])?=" "$file" | cut -d= -f 2- | first_word`"
|
||
|
command_exec=`which $command 2>/dev/null`
|
||
|
arguments="`grep -E "^Exec(\[[^]=]*])?=" "$file" | cut -d= -f 2- | last_word`"
|
||
|
- arg_one="`echo $arg | sed 's/&/\\\\&/g'`"
|
||
|
- arguments_exec="`echo $arguments | sed -e 's*%[fFuU]*"'"$arg_one"'"*g'`"
|
||
|
+ arg_one="`echo "$arg" | sed 's/[&*\\]/\\\\&/g'`"
|
||
|
+ arguments_exec="`echo "$arguments" | sed -e 's*%[fFuU]*"'"$arg_one"'"*g'`"
|
||
|
|
||
|
if [ -x "$command_exec" ] ; then
|
||
|
- if echo $arguments | grep -iq '%[fFuU]' ; then
|
||
|
- echo START $command_exec $arguments_exec
|
||
|
- eval $command_exec $arguments_exec
|
||
|
+ if echo "$arguments" | grep -iq '%[fFuU]' ; then
|
||
|
+ echo START "$command_exec" "$arguments_exec"
|
||
|
+ eval "$command_exec" "$arguments_exec"
|
||
|
else
|
||
|
- echo START $command_exec $arguments_exec "$arg"
|
||
|
- eval $command_exec $arguments_exec "$arg"
|
||
|
+ echo START "$command_exec" "$arguments_exec" "$arg"
|
||
|
+ eval "$command_exec" "$arguments_exec" "$arg"
|
||
|
fi
|
||
|
|
||
|
if [ $? -eq 0 ]; then
|
||
|
--
|
||
|
1.8.2.3
|
||
|
|