Security: remove support for in KRun which could have allowed execution of malicious code. This is similar to issue TDE/tdelibs#45 for .desktop files.

Signed-off-by: Michele Calgaro <michele.calgaro@yahoo.it>
pull/12/head
Michele Calgaro 4 years ago
parent da6bd0768e
commit 4f961d77d6
Signed by: MicheleC
GPG Key ID: 2A75B7CA8ADED5CF

@ -259,24 +259,7 @@ TQString KDevHTMLPart::resolveEnvVarsInURL(const TQString& url)
// Note: the while loop below is a copy of code in tdecore/tdeconfigbase.cpp ;)
while( nDollarPos != -1 && nDollarPos+1 < static_cast<int>(path.length())) {
// there is at least one $
if( (path)[nDollarPos+1] == '(' ) {
uint nEndPos = nDollarPos+1;
// the next character is no $
while ( (nEndPos <= path.length()) && (path[nEndPos]!=')') )
nEndPos++;
nEndPos++;
TQString cmd = path.mid( nDollarPos+2, nEndPos-nDollarPos-3 );
TQString result;
FILE *fs = popen(TQFile::encodeName(cmd).data(), "r");
if (fs)
{
TQTextStream ts(fs, IO_ReadOnly);
result = ts.read().stripWhiteSpace();
pclose(fs);
}
path.replace( nDollarPos, nEndPos-nDollarPos, result );
} else if( (path)[nDollarPos+1] != '$' ) {
if( (path)[nDollarPos+1] != '$' ) {
uint nEndPos = nDollarPos+1;
// the next character is no $
TQString aVarName;

Loading…
Cancel
Save