rpm/xdg-utils
SHA256
1
0
Fork 0
forked from pool/xdg-utils
Code Pull Requests Activity
73fbf171ee
xdg-utils/xdg-open-be-more-paranoid-in-escaping.patch

51 lines
2.0 KiB
Diff
Raw Blame History

From: Jiri Slaby <jslaby@suse.cz>
Date: Mon, 20 May 2013 13:53:04 +0200
Subject: xdg-open: be more paranoid in escaping
Patch-mainline: not yet, submitted 2013/05/20
References: bnc#811959
When trying to open URLs like:
http://www.google.com/search?hl=en&q=HTTP+'M-SEARCH * HTTP/1.1\r\n'
we fail terribly in the generic case. \r and \n are replaced by line
feed+CR, * is replaced by the contents of the current directory.
So escape all those before used and expanded by sed. And also later
when invoking.
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
---
scripts/xdg-open.in | 14 +++++++-------
1 file changed, 7 insertions(+), 7 deletions(-)
diff --git a/scripts/xdg-open.in b/scripts/xdg-open.in
index eda1cfb..0934142 100644
--- a/scripts/xdg-open.in
+++ b/scripts/xdg-open.in
@@ -135,16 +135,16 @@ search_desktop_file()
command="`grep -E "^Exec(\[[^]=]*])?=" "$file" | cut -d= -f 2- | first_word`"
command_exec=`which $command 2>/dev/null`
arguments="`grep -E "^Exec(\[[^]=]*])?=" "$file" | cut -d= -f 2- | last_word`"
- arg_one="`echo $arg | sed 's/&/\\\\&/g'`"
- arguments_exec="`echo $arguments | sed -e 's*%[fFuU]*"'"$arg_one"'"*g'`"
+ arg_one="`echo "$arg" | sed 's/[&*\\]/\\\\&/g'`"
+ arguments_exec="`echo "$arguments" | sed -e 's*%[fFuU]*"'"$arg_one"'"*g'`"
if [ -x "$command_exec" ] ; then
- if echo $arguments | grep -iq '%[fFuU]' ; then
- echo START $command_exec $arguments_exec
- eval $command_exec $arguments_exec
+ if echo "$arguments" | grep -iq '%[fFuU]' ; then
+ echo START "$command_exec" "$arguments_exec"
+ eval "$command_exec" "$arguments_exec"
else
- echo START $command_exec $arguments_exec "$arg"
- eval $command_exec $arguments_exec "$arg"
+ echo START "$command_exec" "$arguments_exec" "$arg"
+ eval "$command_exec" "$arguments_exec" "$arg"
fi
if [ $? -eq 0 ]; then
--
1.8.2.3
View Git Blame Copy Permalink