From: Marius Gavrilescu <marius@ieval.ro>
Date: Sun, 23 Feb 2014 19:15:06 +0000 (+0200)
Subject: Escape theme name before passing it to system(3)
X-Git-Tag: debian/2.1.0-4~4
X-Git-Url: http://git.ieval.ro/?p=gtk-theme-switch.git;a=commitdiff_plain;h=511117eba1f7ff8b2878dba6b1dd204ae5098448

Escape theme name before passing it to system(3)
---

diff --git a/debian/patches/escape-theme-name-in-system.patch b/debian/patches/escape-theme-name-in-system.patch
new file mode 100644
index 0000000..1ebbfa9
--- /dev/null
+++ b/debian/patches/escape-theme-name-in-system.patch
@@ -0,0 +1,63 @@
+Description: Escape theme name before passing it to system(3)
+Bug-Debian: https://bugs.debian.org/739709
+Author: Marius Gavrilescu <marius@ieval.ro>
+Forwarded: no
+Last-Update: 2014-02-23
+
+--- a/main.c
++++ b/main.c
+@@ -808,27 +808,51 @@
+ 	}
+ }
+ 
++static gchar *shell_escape (gchar *arg)
++{
++ 	gchar *out;
++	gint n;
++
++	out = g_new(gchar, strlen(arg) * 2 + 1);
++ 	n = 0;
++	for(;*arg;arg++)
++	{
++ 		if(*arg == '\'')
++		{
++			out[n++] = '\'';
++ 			out[n++] = '\\';
++			out[n++] = '\'';
++		}
++ 		out[n++] = *arg;
++ 	}
++	out[n] = 0;
++
++ 	return out;
++ }
++
+ static short install_tarball (gchar *path, gchar **rc_file)
+ {
+-	gchar *command, *themedir;
++	gchar *command, *themedir, *escaped_path;
+ 	gint result;
+ 	GList *new_list, *new_theme;
+ 
+ 	themedir = g_strdup_printf ("%s/.themes", homedir);
++	escaped_path = shell_escape (path);
+ 
+ 	if (path[0] != '/')
+ 	{
+ 		gchar *cwd = g_get_current_dir();
+-		command = g_strdup_printf ("tar --directory %s -xzf %s/%s 2>/dev/null", themedir, cwd, path);
++		command = g_strdup_printf ("tar --directory %s -xzf %s/'%s' 2>/dev/null", themedir, cwd, escaped_path);
+ 		g_free (cwd);
+ 	}
+ 	else
+-		command = g_strdup_printf ("tar --directory %s -xzf %s 2>/dev/null", themedir, path);
++		command = g_strdup_printf ("tar --directory %s -xzf '%s' 2>/dev/null", themedir, escaped_path);
+ 
+ 	/* Ensure that ~/.themes exists */
+ 	mkdir (themedir, S_IRUSR | S_IWUSR | S_IXUSR);
+ 
+ 	result = system(command);
++	g_free (escaped_path);
+ 	g_free (command);
+ 	g_free (themedir);
+ 	if (result != EXIT_SUCCESS)
diff --git a/debian/patches/series b/debian/patches/series
index 7039fe6..720ceef 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1,2 +1,3 @@
 fix-spelling.patch
 exit-cleanly-when-we-have-no-homedir.patch
+escape-theme-name-in-system.patch