Security: remove support for $(...) in config keys with [$e] marker.

It is very unclear at this point what a valid use case for this feature
would possibly be. The old documentation only mentions $(hostname) as
an example, which can be done with $HOSTNAME instead.

Note that $(...) is still supported in Exec lines of desktop files,
this does not require [$e] anyway (and actually works better without it,
otherwise the $ signs need to be doubled to obey tdeconfig $e escaping rules...).

Based on KDE Frameworks 5 kconfig patch for CVE-2019-14744.
This resolves issue #45.

Signed-off-by: Slávek Banko <slavek.banko@axis.cz>

1 files changed, 0 insertions, 12 deletions

diff --git a/tdecore/README.kiosk b/tdecore/README.kiosk
index 826fc6da6..ae4f72d47 100644
--- a/tdecore/README.kiosk
+++ b/tdecore/README.kiosk
@@ -642,18 +642,6 @@ The following syntax is also supported:
 Name[$ei]=${USER}
 
 
-Shell Commands in KDE config files.
-===================================
-
-In KDE3.1 arbitrary entries in configuration files can contain shell 
-commands. This way the value of a configuration entry can be determined
-dynamically at runtime. In order to use this the entry must be marked 
-with [$e]. 
-
-Example:
-Host[$e]=$(hostname)
-
-
 KDE3 Kiosk Application API
 ==========================