Domů Procházet Nápověda
Přihlásit se
erkanisik
/
main
zrcadlo https://github.com/pisilinux/main.git
Sledovat 1
Oblíbit 0
Rozštěpit 0
Soubory Úkoly 0 Wiki
Strom: 28cfded965
Větve Značky
main
/
desktop
/
kde6
/
plasma
/
plasma-workspace-kf6
/
files
/
f32002ce50edc3891f1fa41173132c820b917d57.patch

f32002ce50edc3891f1fa41173132c820b917d57.patch 1.1 KB
Historie Surový

1234567891011121314151617181920212223242526272829303132 
  1. From f32002ce50edc3891f1fa41173132c820b917d57 Mon Sep 17 00:00:00 2001
    2. 

  2. From: Marco Martin <notmart@gmail.com>
    3. 

  3. Date: Mon, 5 Feb 2018 13:12:51 +0100
    4. 

  4. Subject: Make sure device paths are quoted
    5. 

  5. 

  6. in the case a vfat removable device has $() or `` in its label,
    7. 

  7. such as $(touch foo) the quoted command may get executed,
    8. 

  8. leaving an attack vector. Use KMacroExpander::expandMacrosShellQuote
    9. 

  9. to make sure everything is quoted and not interpreted as a command
    10. 

  10. 

  11. BUG:389815
    12. 

  12. ---
    13. 

  13.  solid-kf6uiserver/deviceserviceaction.cpp | 2 +-
    14. 

  14.  1 file changed, 1 insertion(+), 1 deletion(-)
    15. 

  15. 

  16. diff --git a/solid-kf6uiserver/deviceserviceaction.cpp b/solid-kf6uiserver/deviceserviceaction.cpp
    17. 

  17. index f49c967..738b27c 100644
    18. 

  18. --- a/solid-kf6uiserver/deviceserviceaction.cpp
    19. 

  19. +++ b/solid-kf6uiserver/deviceserviceaction.cpp
    20. 

  20. @@ -158,7 +158,7 @@ void DelayedExecutor::delayedExecute(const QString &udi)
    21. 

  21.  
    22. 

  22.      QString exec = m_service.exec();
    23. 

  23.      MacroExpander mx(device);
    24. 

  24. -    mx.expandMacros(exec);
    25. 

  25. +    mx.expandMacrosShellQuote(exec);
    26. 

  26.  
    27. 

  27.      KRun::runCommand(exec, QString(), m_service.icon(), 0);
    28. 

  28.      deleteLater();
    29. 

  29. -- 
    30. 

  30. cgit v0.11.2
    31. 

  31. 

  32.