diff options
| author |  Andy Spencer <andy753421 at gmail.com> | 2009-11-29 16:22:48 +0100 |
|---|---|---|
| committer |  Dieter Plaetinck <dieter@plaetinck.be> | 2009-11-29 16:22:48 +0100 |
| commit | f4cdceb03e1ca1866f676a2e9e7a14025c448caf (patch) | |
| tree | 7307036526532b201e4f3f860520834f1ae38712 /examples | |
| parent | ec6eea0f30f08bc3cee252649f8b16d5c5abc67b (diff) | |
Fix security holes
Diffstat (limited to 'examples')
| -rwxr-xr-x | examples/data/uzbl/scripts/download.sh | 4 | ||||
| -rwxr-xr-x | examples/data/uzbl/scripts/scheme.py | 5 |
2 files changed, 5 insertions, 4 deletions
diff --git a/examples/data/uzbl/scripts/download.sh b/examples/data/uzbl/scripts/download.sh index c8eb6ba..1c7d039 100755 --- a/examples/data/uzbl/scripts/download.sh +++ b/examples/data/uzbl/scripts/download.sh @@ -16,7 +16,7 @@ test "x$url" = "x" && { echo "you must supply a url! ($url)"; exit 1; } # only changes the dir for the $get sub process if echo "$url" | grep -E '.*\.torrent' >/dev/null; then - ( cd "$dest"; eval "$GET" "$url") + ( cd "$dest"; $GET "$url") else - ( cd "$dest"; eval "$GET" "$url") + ( cd "$dest"; $GET "$url") fi diff --git a/examples/data/uzbl/scripts/scheme.py b/examples/data/uzbl/scripts/scheme.py index a54476f..0916466 100755 --- a/examples/data/uzbl/scripts/scheme.py +++ b/examples/data/uzbl/scripts/scheme.py @@ -16,8 +16,9 @@ if __name__ == '__main__': uri = sys.argv[8] u = urlparse.urlparse(uri) if u.scheme == 'mailto': - detach_open(['xterm', '-e', 'mail %r' % u.path]) + detach_open(['xterm', '-e', 'mail', u.path]) elif u.scheme == 'xmpp': + # Someone check for safe arguments to gajim-remote detach_open(['gajim-remote', 'open_chat', uri]) elif u.scheme == 'git': - detach_open(['git', 'clone', uri], cwd=os.path.expanduser('~/src')) + detach_open(['git', 'clone', '--', uri], cwd=os.path.expanduser('~/src')) |