author | Michele Calgaro <michele.calgaro@yahoo.it> | 2020-02-16 13:40:48 +0900 |
---|---|---|
committer | Michele Calgaro <michele.calgaro@yahoo.it> | 2020-02-16 13:41:15 +0900 |
commit | a8107c332f110bf4c94566c93305c371b4c73b72 (patch) | |
tree | fd1f52499c732a5ab989f951d5f05b169e1d827b | |
parent | 76ef0cc47c8bbb03ae4f32680515aedf484ec5f8 (diff) | |
download | tdevelop-a8107c332f110bf4c94566c93305c371b4c73b72.tar.gz tdevelop-a8107c332f110bf4c94566c93305c371b4c73b72.zip |
Security: remove support for $(...) in KRun which could have allowed execution of malicious code. This is similar to issue TDE/tdelibs#45 for .desktop files.
Signed-off-by: Michele Calgaro <michele.calgaro@yahoo.it>
(cherry picked from commit 4f961d77d6da693c51c5be16366dc172b45c96e0)
-rw-r--r-- | lib/widgets/kdevhtmlpart.cpp | 19 |
1 files changed, 1 insertions, 18 deletions
diff --git a/lib/widgets/kdevhtmlpart.cpp b/lib/widgets/kdevhtmlpart.cpp
index 35b2216f..a8520e30 100644
--- a/lib/widgets/kdevhtmlpart.cpp
+++ b/lib/widgets/kdevhtmlpart.cpp
@@ -259,24 +259,7 @@ TQString KDevHTMLPart::resolveEnvVarsInURL(const TQString& url)
 // Note: the while loop below is a copy of code in tdecore/tdeconfigbase.cpp ;)
 while( nDollarPos != -1 && nDollarPos+1 < static_cast<int>(path.length())) {
 // there is at least one $
- if( (path)[nDollarPos+1] == '(' ) {
- uint nEndPos = nDollarPos+1;
- // the next character is no $
- while ( (nEndPos <= path.length()) && (path[nEndPos]!=')') )
- nEndPos++;
- nEndPos++;
- TQString cmd = path.mid( nDollarPos+2, nEndPos-nDollarPos-3 );
-
- TQString result;
- FILE *fs = popen(TQFile::encodeName(cmd).data(), "r");
- if (fs)
- {
- TQTextStream ts(fs, IO_ReadOnly);
- result = ts.read().stripWhiteSpace();
- pclose(fs);
- }
- path.replace( nDollarPos, nEndPos-nDollarPos, result );
- } else if( (path)[nDollarPos+1] != '$' ) {
+ if( (path)[nDollarPos+1] != '$' ) {
 uint nEndPos = nDollarPos+1;
 // the next character is no $
 TQString aVarName; |
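Review bot: Nothing in the new code records that `$(...)` handling was dropped deliberately, and the context comment still calls this loop a copy of tdecore/tdeconfigbase.cpp, so a later re-sync of the copy could quietly bring the `popen()` branch back. I would add a comment above the remaining test, e.g. `// $(...) is intentionally not expanded: it passed URL text to popen() (see TDE/tdelibs#45)`. Input beginning with `$(` now reaches the `if( (path)[nDollarPos+1] != '$' )` branch as if `(` started a variable name. The rest of that branch and of resolveEnvVarsInURL lies outside the hunk, so it is worth confirming that it steps past the `$` rather than looping or expanding something unexpected.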