summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMichele Calgaro <[email protected]>2020-02-16 13:40:48 +0900
committerMichele Calgaro <[email protected]>2020-02-16 13:40:48 +0900
commit4f961d77d6da693c51c5be16366dc172b45c96e0 (patch)
tree279ea17eb77e33b5db4eb1423243a31cc30d4027
parentda6bd0768e4304e6c2853d012c7d0686a205addb (diff)
downloadtdevelop-4f961d77d6da693c51c5be16366dc172b45c96e0.tar.gz
tdevelop-4f961d77d6da693c51c5be16366dc172b45c96e0.zip
Security: remove support for in KRun which could have allowed execution of malicious code. This is similar to issue TDE/tdelibs#45 for .desktop files.
Signed-off-by: Michele Calgaro <[email protected]>
-rw-r--r--lib/widgets/kdevhtmlpart.cpp19
1 files changed, 1 insertions, 18 deletions
diff --git a/lib/widgets/kdevhtmlpart.cpp b/lib/widgets/kdevhtmlpart.cpp
index 35b2216f..a8520e30 100644
--- a/lib/widgets/kdevhtmlpart.cpp
+++ b/lib/widgets/kdevhtmlpart.cpp
@@ -259,24 +259,7 @@ TQString KDevHTMLPart::resolveEnvVarsInURL(const TQString& url)
// Note: the while loop below is a copy of code in tdecore/tdeconfigbase.cpp ;)
while( nDollarPos != -1 && nDollarPos+1 < static_cast<int>(path.length())) {
// there is at least one $
- if( (path)[nDollarPos+1] == '(' ) {
- uint nEndPos = nDollarPos+1;
- // the next character is no $
- while ( (nEndPos <= path.length()) && (path[nEndPos]!=')') )
- nEndPos++;
- nEndPos++;
- TQString cmd = path.mid( nDollarPos+2, nEndPos-nDollarPos-3 );
-
- TQString result;
- FILE *fs = popen(TQFile::encodeName(cmd).data(), "r");
- if (fs)
- {
- TQTextStream ts(fs, IO_ReadOnly);
- result = ts.read().stripWhiteSpace();
- pclose(fs);
- }
- path.replace( nDollarPos, nEndPos-nDollarPos, result );
- } else if( (path)[nDollarPos+1] != '$' ) {
+ if( (path)[nDollarPos+1] != '$' ) {
uint nEndPos = nDollarPos+1;
// the next character is no $
TQString aVarName;