mirror of
https://github.com/rkd77/elinks.git
synced 2024-12-04 14:46:47 -05:00
Bug 991: Replace '%s' by % in the mailcap.c
Currently, when ELinks passes the name of a local file to an external MIME handler program, it encodes the name as a URI. Programs typically do not expect this, and they then fail to open the file. ELinks should instead quote the file name for the shell. Unfortunately, Debian has lines like this in /etc/mailcap: audio/mpeg; xmms '%s'; test=test "$DISPLAY" != "" If ELinks were changed to replace the %s with e.g. '/home/Kalle/doc/Topfield/How to upgraded the Firmware(English).pdf' (quotes included), then the quotes would cancel out and the shell would split the file name into multiple arguments. That could even provide a way for malicious persons to make ELinks run arbitrary shell commands. The examples in RFC 1524 all have %s without any quotes. Debian has two bug reports about the quoting behaviour: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=90483 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=221717 This patch therefore tries to detect whether the %s has been quoted already, and remove the quotes if so. That way, the next patch will be able to safely add its own quotes. This removal of quotes applies only to mailcap files; MIME handlers defined in elinks.conf should already be in the format preferred by ELinks. (The patch was attachment 438 of bug 991, by Witold Filipczyk. This commit message was written by Kalle Olavi Niemitalo.)
This commit is contained in:
Witold Filipczyk
Kalle Olavi Niemitalo
parent
7bdeb3188e
commit
a6966e9472
@ -498,13 +498,24 @@ format_command(unsigned char *command, unsigned char *type, int copiousoutput)
|
||||
while (*command) {
|
||||
unsigned char *start = command;
|
||||
|
||||
while (*command && *command != '%' && *command != '\\')
|
||||
while (*command && *command != '%' && *command != '\\' && *command != '\'')
|
||||
command++;
|
||||
|
||||
if (start < command)
|
||||
add_bytes_to_string(&cmd, start, command - start);
|
||||
|
||||
if (*command == '%') {
|
||||
switch (*command) {
|
||||
case '\'': /* Debian's '%s' */
|
||||
command++;
|
||||
if (!strncmp(command, "%s'", 3)) {
|
||||
command += 3;
|
||||
add_char_to_string(&cmd, '%');
|
||||
} else {
|
||||
add_char_to_string(&cmd, '\'');
|
||||
}
|
||||
break;
|
||||
|
||||
case '%':
|
||||
command++;
|
||||
if (!*command) {
|
||||
done_string(&cmd);
|
||||
@ -522,13 +533,16 @@ format_command(unsigned char *command, unsigned char *type, int copiousoutput)
|
||||
add_to_string(&cmd, type);
|
||||
}
|
||||
command++;
|
||||
break;
|
||||
|
||||
} else if (*command == '\\') {
|
||||
case '\\':
|
||||
command++;
|
||||
if (*command) {
|
||||
add_char_to_string(&cmd, *command);
|
||||
command++;
|
||||
}
|
||||
default:
|
||||
break;
|
||||
}
|
||||
}
|
||||
#if 0
|
||||
|
||||
Loading…
Reference in New Issue
Block a user