From 920cbdb3ed92bca1e8586db61035373e5bd8a0d7 Mon Sep 17 00:00:00 2001 From: Michele Calgaro Date: Sun, 16 Feb 2020 13:37:37 +0900 Subject: Security: remove support for in KRun which could have allowed execution of malicious code. This is similar to issue TDE/tdelibs#45 for .desktop files. Signed-off-by: Michele Calgaro (cherry picked from commit 2948d1cdf79e47b1c71b5565baae4178c8c1de39) --- konqueror/konq_mainwindow.cc | 21 +-------------------- 1 file changed, 1 insertion(+), 20 deletions(-) (limited to 'konqueror') diff --git a/konqueror/konq_mainwindow.cc b/konqueror/konq_mainwindow.cc index 4b8efaaf9..ff9d797cb 100644 --- a/konqueror/konq_mainwindow.cc +++ b/konqueror/konq_mainwindow.cc @@ -490,26 +490,7 @@ void KonqMainWindow::openURL( KonqView *_view, const KURL &_url, while( nDollarPos != -1 && nDollarPos+1 < static_cast(aValue.length())) { // there is at least one $ - if( (aValue)[nDollarPos+1] == '(' ) { - uint nEndPos = nDollarPos+1; - // the next character is no $ - while ( (nEndPos <= aValue.length()) && (aValue[nEndPos]!=')') ) - nEndPos++; - nEndPos++; - TQString cmd = aValue.mid( nDollarPos+2, nEndPos-nDollarPos-3 ); - - TQString result; - FILE *fs = popen(TQFile::encodeName(cmd).data(), "r"); - if (fs) - { - { - TQTextStream ts(fs, IO_ReadOnly); - result = ts.read().stripWhiteSpace(); - } - pclose(fs); - } - aValue.replace( nDollarPos, nEndPos-nDollarPos, result ); - } else if( (aValue)[nDollarPos+1] != '$' ) { + if( (aValue)[nDollarPos+1] != '$' ) { uint nEndPos = nDollarPos+1; // the next character is no $ TQString aVarName; -- cgit v1.2.1