diff options
author | Michele Calgaro <[email protected]> | 2020-02-16 13:40:48 +0900 |
---|---|---|
committer | Michele Calgaro <[email protected]> | 2020-02-16 13:40:48 +0900 |
commit | 4f961d77d6da693c51c5be16366dc172b45c96e0 (patch) | |
tree | 279ea17eb77e33b5db4eb1423243a31cc30d4027 | |
parent | da6bd0768e4304e6c2853d012c7d0686a205addb (diff) | |
download | tdevelop-4f961d77d6da693c51c5be16366dc172b45c96e0.tar.gz tdevelop-4f961d77d6da693c51c5be16366dc172b45c96e0.zip |
Security: remove support for in KRun which could have allowed execution of malicious code. This is similar to issue TDE/tdelibs#45 for .desktop files.
Signed-off-by: Michele Calgaro <[email protected]>
-rw-r--r-- | lib/widgets/kdevhtmlpart.cpp | 19 |
1 files changed, 1 insertions, 18 deletions
diff --git a/lib/widgets/kdevhtmlpart.cpp b/lib/widgets/kdevhtmlpart.cpp index 35b2216f..a8520e30 100644 --- a/lib/widgets/kdevhtmlpart.cpp +++ b/lib/widgets/kdevhtmlpart.cpp @@ -259,24 +259,7 @@ TQString KDevHTMLPart::resolveEnvVarsInURL(const TQString& url) // Note: the while loop below is a copy of code in tdecore/tdeconfigbase.cpp ;) while( nDollarPos != -1 && nDollarPos+1 < static_cast<int>(path.length())) { // there is at least one $ - if( (path)[nDollarPos+1] == '(' ) { - uint nEndPos = nDollarPos+1; - // the next character is no $ - while ( (nEndPos <= path.length()) && (path[nEndPos]!=')') ) - nEndPos++; - nEndPos++; - TQString cmd = path.mid( nDollarPos+2, nEndPos-nDollarPos-3 ); - - TQString result; - FILE *fs = popen(TQFile::encodeName(cmd).data(), "r"); - if (fs) - { - TQTextStream ts(fs, IO_ReadOnly); - result = ts.read().stripWhiteSpace(); - pclose(fs); - } - path.replace( nDollarPos, nEndPos-nDollarPos, result ); - } else if( (path)[nDollarPos+1] != '$' ) { + if( (path)[nDollarPos+1] != '$' ) { uint nEndPos = nDollarPos+1; // the next character is no $ TQString aVarName; |