
Security: remove support for $(...) in KRun which could have allowed execution of malicious code. This is similar to issue TDE/tdelibs#45 for .desktop files.

Signed-off-by: Michele Calgaro <michele.calgaro@yahoo.it>
pull/130/head
Michele Calgaro 1 month ago
parent
commit
2948d1cdf7
Signed by: MicheleC <michele.calgaro@yahoo.it> GPG Key ID: 2A75B7CA8ADED5CF
1 changed files with 1 additions and 20 deletions
  1. +1
    -20
      konqueror/konq_mainwindow.cc

+ 1
- 20
konqueror/konq_mainwindow.cc View File

@@ -490,26 +490,7 @@ void KonqMainWindow::openURL( KonqView *_view, const KURL &_url,

while( nDollarPos != -1 && nDollarPos+1 < static_cast<int>(aValue.length())) {
// there is at least one $
if( (aValue)[nDollarPos+1] == '(' ) {
uint nEndPos = nDollarPos+1;
// the next character is no $
while ( (nEndPos <= aValue.length()) && (aValue[nEndPos]!=')') )
nEndPos++;
nEndPos++;
TQString cmd = aValue.mid( nDollarPos+2, nEndPos-nDollarPos-3 );

TQString result;
FILE *fs = popen(TQFile::encodeName(cmd).data(), "r");
if (fs)
{
{
TQTextStream ts(fs, IO_ReadOnly);
result = ts.read().stripWhiteSpace();
}
pclose(fs);
}
aValue.replace( nDollarPos, nEndPos-nDollarPos, result );
} else if( (aValue)[nDollarPos+1] != '$' ) {
if( (aValue)[nDollarPos+1] != '$' ) {
uint nEndPos = nDollarPos+1;
// the next character is no $
TQString aVarName;
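Review bot: With the `$(` branch gone, a value that still contains `$(...)` now enters the added `if( (aValue)[nDollarPos+1] != '$' )` branch and is parsed as if `(` started a variable name. The rest of that branch lies outside the hunk, so it is not visible here whether such text is kept literally, loses its `$`, or is replaced by an empty string; that outcome is worth pinning with a regression test, since the expanded value appears to feed the URL that openURL goes on to handle. I would also put a comment on the new `if` so the popen path is not reintroduced later, for example `// $(...) is intentionally not expanded: this value may be untrusted and must never reach a shell`. The remaining `$VAR` expansion presumably still copies process environment values into the string, so if these values can come from untrusted files it is worth confirming that this is acceptable.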

