summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMichele Calgaro <[email protected]>2020-02-16 13:37:37 +0900
committerMichele Calgaro <[email protected]>2020-02-16 13:37:40 +0900
commit2948d1cdf79e47b1c71b5565baae4178c8c1de39 (patch)
tree7155f537ca6bc04e9f10aef0496b7f9574f53901
parentca57a59e95c71d37c8f7ddf8024c64c8bcae0890 (diff)
downloadtdebase-2948d1cdf79e47b1c71b5565baae4178c8c1de39.tar.gz
tdebase-2948d1cdf79e47b1c71b5565baae4178c8c1de39.zip
Security: remove support for in KRun which could have allowed execution of malicious code. This is similar to issue TDE/tdelibs#45 for .desktop files.
Signed-off-by: Michele Calgaro <[email protected]>
-rw-r--r--konqueror/konq_mainwindow.cc21
1 files changed, 1 insertions, 20 deletions
diff --git a/konqueror/konq_mainwindow.cc b/konqueror/konq_mainwindow.cc
index 4b8efaaf9..ff9d797cb 100644
--- a/konqueror/konq_mainwindow.cc
+++ b/konqueror/konq_mainwindow.cc
@@ -490,26 +490,7 @@ void KonqMainWindow::openURL( KonqView *_view, const KURL &_url,
while( nDollarPos != -1 && nDollarPos+1 < static_cast<int>(aValue.length())) {
// there is at least one $
- if( (aValue)[nDollarPos+1] == '(' ) {
- uint nEndPos = nDollarPos+1;
- // the next character is no $
- while ( (nEndPos <= aValue.length()) && (aValue[nEndPos]!=')') )
- nEndPos++;
- nEndPos++;
- TQString cmd = aValue.mid( nDollarPos+2, nEndPos-nDollarPos-3 );
-
- TQString result;
- FILE *fs = popen(TQFile::encodeName(cmd).data(), "r");
- if (fs)
- {
- {
- TQTextStream ts(fs, IO_ReadOnly);
- result = ts.read().stripWhiteSpace();
- }
- pclose(fs);
- }
- aValue.replace( nDollarPos, nEndPos-nDollarPos, result );
- } else if( (aValue)[nDollarPos+1] != '$' ) {
+ if( (aValue)[nDollarPos+1] != '$' ) {
uint nEndPos = nDollarPos+1;
// the next character is no $
TQString aVarName;