Commit | Line | Data |
---|---|---|
1 | Description: Escape theme name before passing it to system(3) | |
2 | Bug-Debian: https://bugs.debian.org/739709 | |
3 | Author: Marius Gavrilescu <marius@ieval.ro> | |
4 | Forwarded: no | |
5 | Last-Update: 2014-02-23 | |
6 | ||
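--- a/main.c
+++ b/main.c
@@ -808,27 +808,51 @@
 }
 }
 
+static gchar *shell_escape (gchar *arg)
+{
+ gchar *out;
+ gint n;
+
+ out = g_new(gchar, strlen(arg) * 2 + 1);
+ n = 0;
+ for(;*arg;arg++)
+ {
+ if(*arg == '\'')
+ {
+ out[n++] = '\'';
+ out[n++] = '\\';
+ out[n++] = '\'';
+ }
+ out[n++] = *arg;
+ }
+ out[n] = 0;
+
+ return out;
+ }
+
 static short install_tarball (gchar *path, gchar **rc_file)
 {
- gchar *command, *themedir;
+ gchar *command, *themedir, *escaped_path;
 gint result;
 GList *new_list, *new_theme;
 
 themedir = g_strdup_printf ("%s/.themes", homedir);
+ escaped_path = shell_escape (path);
 
 if (path[0] != '/')
 {
 gchar *cwd = g_get_current_dir();
- command = g_strdup_printf ("tar --directory %s -xzf %s/%s 2>/dev/null", themedir, cwd, path);
+ command = g_strdup_printf ("tar --directory %s -xzf %s/'%s' 2>/dev/null", themedir, cwd, escaped_path);
 g_free (cwd);
 }
 else
- command = g_strdup_printf ("tar --directory %s -xzf %s 2>/dev/null", themedir, path);
+ command = g_strdup_printf ("tar --directory %s -xzf '%s' 2>/dev/null", themedir, escaped_path);
 
 /* Ensure that ~/.themes exists */
 mkdir (themedir, S_IRUSR | S_IWUSR | S_IXUSR);
 
 result = system(command);
+ g_free (escaped_path);
 g_free (command);
 g_free (themedir);
 if (result != EXIT_SUCCESS)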
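Review bot: `shell_escape` sizes its buffer as `strlen(arg) * 2 + 1`, but the loop writes four bytes for every single quote in the input (`'`, `\`, `'`, then the quote itself), so a theme path made mostly of quotes overruns the heap allocation; the worst case needs `out = g_new(gchar, strlen(arg) * 4 + 1);`. Separately, in `install_tarball` only `path` is quoted: `themedir` and `cwd` are still interpolated bare into the string handed to `system()`, so a home or working directory containing spaces or shell metacharacters is still parsed by the shell. GLib's `g_shell_quote()` applied to all three values, or an argv-based spawn such as `g_spawn_sync()` in place of `system()`, would cover both points. `install_tarball`'s body continues past the end of the hunk.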