diff options
author | Michele Calgaro <[email protected]> | 2020-02-16 13:37:37 +0900 |
---|---|---|
committer | Michele Calgaro <[email protected]> | 2020-02-16 13:37:40 +0900 |
commit | 2948d1cdf79e47b1c71b5565baae4178c8c1de39 (patch) | |
tree | 7155f537ca6bc04e9f10aef0496b7f9574f53901 | |
parent | ca57a59e95c71d37c8f7ddf8024c64c8bcae0890 (diff) | |
download | tdebase-2948d1cdf79e47b1c71b5565baae4178c8c1de39.tar.gz tdebase-2948d1cdf79e47b1c71b5565baae4178c8c1de39.zip |
Security: remove support for in KRun which could have allowed execution of malicious code. This is similar to issue TDE/tdelibs#45 for .desktop files.
Signed-off-by: Michele Calgaro <[email protected]>
-rw-r--r-- | konqueror/konq_mainwindow.cc | 21 |
1 files changed, 1 insertions, 20 deletions
diff --git a/konqueror/konq_mainwindow.cc b/konqueror/konq_mainwindow.cc index 4b8efaaf9..ff9d797cb 100644 --- a/konqueror/konq_mainwindow.cc +++ b/konqueror/konq_mainwindow.cc @@ -490,26 +490,7 @@ void KonqMainWindow::openURL( KonqView *_view, const KURL &_url, while( nDollarPos != -1 && nDollarPos+1 < static_cast<int>(aValue.length())) { // there is at least one $ - if( (aValue)[nDollarPos+1] == '(' ) { - uint nEndPos = nDollarPos+1; - // the next character is no $ - while ( (nEndPos <= aValue.length()) && (aValue[nEndPos]!=')') ) - nEndPos++; - nEndPos++; - TQString cmd = aValue.mid( nDollarPos+2, nEndPos-nDollarPos-3 ); - - TQString result; - FILE *fs = popen(TQFile::encodeName(cmd).data(), "r"); - if (fs) - { - { - TQTextStream ts(fs, IO_ReadOnly); - result = ts.read().stripWhiteSpace(); - } - pclose(fs); - } - aValue.replace( nDollarPos, nEndPos-nDollarPos, result ); - } else if( (aValue)[nDollarPos+1] != '$' ) { + if( (aValue)[nDollarPos+1] != '$' ) { uint nEndPos = nDollarPos+1; // the next character is no $ TQString aVarName; |