From bf33a2b30a69c7603db98f16542dd90a61e9c056 Mon Sep 17 00:00:00 2001
From: Andy Spencer
Date: Mon, 23 Nov 2009 11:24:10 +0000
Subject: Fix security holes

* Please be careful when using eval, you rarely need it.
* There might be more issues, I haven't checked any of the bigger python scripts, plugins, or the C code.

Signed-off-by: Andy Spencer
---
 examples/data/uzbl/scripts/clipboard.sh | 2 +-
 examples/data/uzbl/scripts/download.sh | 4 ++--
 examples/data/uzbl/scripts/scheme.py | 5 +++--
 examples/data/uzbl/scripts/yank.sh | 7 ++-----
 4 files changed, 8 insertions(+), 10 deletions(-)
(limited to 'examples/data/uzbl/scripts')

diff --git a/examples/data/uzbl/scripts/clipboard.sh b/examples/data/uzbl/scripts/clipboard.sh
index 60567d3..d493774 100755
--- a/examples/data/uzbl/scripts/clipboard.sh
+++ b/examples/data/uzbl/scripts/clipboard.sh
@@ -11,7 +11,7 @@ url="$7"
 selection=`$clip -o`
 case $action in
- "yank" ) echo -n "$url" | eval "$clip";;
+ "yank" ) echo -n "$url" | $clip;;
 "goto" ) echo "uri $selection" > "$fifo";;
 * ) echo "clipboard.sh: invalid action";;
 esac
diff --git a/examples/data/uzbl/scripts/download.sh b/examples/data/uzbl/scripts/download.sh
index c8eb6ba..55b0cb2 100755
--- a/examples/data/uzbl/scripts/download.sh
+++ b/examples/data/uzbl/scripts/download.sh
@@ -16,7 +16,7 @@ test "x$url" = "x" && { echo "you must supply a url! ($url)"; exit 1; }
 # only changes the dir for the $get sub process
 if echo "$url" | grep -E '.*\.torrent' >/dev/null; then
- ( cd "$dest"; eval "$GET" "$url")
+ ( cd "$dest"; $GET "$url" )
 else
- ( cd "$dest"; eval "$GET" "$url")
+ ( cd "$dest"; $GET "$url" )
 fi
diff --git a/examples/data/uzbl/scripts/scheme.py b/examples/data/uzbl/scripts/scheme.py
index 7286703..0916466 100755
--- a/examples/data/uzbl/scripts/scheme.py
+++ b/examples/data/uzbl/scripts/scheme.py
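Review bot: On the new yank line, `echo -n "$url"` still passes the URL through echo's own option parsing, so a value that is exactly `-e`, `-E` or `-n` is consumed as a flag and nothing reaches the clipboard; `printf '%s' "$url" | "$clip";;` sidesteps that and also quotes `$clip`, which is assigned above the hunk. The new last line of yank.sh uses the same `echo -n "$8"` and would take the same change. The unchanged goto branch writes `uri $selection` to the command fifo verbatim, so a selection containing a newline is read as more than one uzbl command; if the script runs under bash, trimming it first with `selection=${selection%%$'\n'*}` keeps the fifo write to a single line. The case statement is complete within the hunk, but the variables it reads are set outside it.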
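Review bot: `$GET "$url"` on both new lines still lets a URL that begins with `-` be read as an option by the downloader, which is the same argument-injection class this commit closes for git clone with `--` in scheme.py; the mailto branch there (`'mail', u.path`) leaves the same gap open. If the configured downloader accepts `--`, `( cd "$dest" && $GET -- "$url" )` is the matching fix; `$GET` is set outside the hunk and is left unquoted, presumably so it can carry its own flags, which is fine as long as it is never derived from page content. Using `&&` instead of `;` after the `cd` also keeps a missing or unreadable `$dest` from silently downloading into the caller's working directory. Both branches of the if are now identical, so the torrent test has no effect; either drop it or leave a comment saying a torrent-specific handler is intended.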
@@ -16,8 +16,9 @@ if __name__ == '__main__':
 uri = sys.argv[8]
 u = urlparse.urlparse(uri)
 if u.scheme == 'mailto':
- detach_open(['xterm', '-e', 'mail %s' % u.path])
+ detach_open(['xterm', '-e', 'mail', u.path])
 elif u.scheme == 'xmpp':
+ # Someone check for safe arguments to gajim-remote
 detach_open(['gajim-remote', 'open_chat', uri])
 elif u.scheme == 'git':
- detach_open(['git', 'clone', uri], cwd=os.path.expanduser('~/src'))
+ detach_open(['git', 'clone', '--', uri], cwd=os.path.expanduser('~/src'))
diff --git a/examples/data/uzbl/scripts/yank.sh b/examples/data/uzbl/scripts/yank.sh
index 376b7e2..6785d64 100755
--- a/examples/data/uzbl/scripts/yank.sh
+++ b/examples/data/uzbl/scripts/yank.sh
@@ -9,9 +9,6 @@ clip=xclip
 which $clip &>/dev/null || exit 1
-[ "x$9" = xprimary -o "x$9" = xsecondary -o "x$9" = xclipboard ] || exit 2
+[ "$9" = primary -o "$9" = secondary -o "$9" = clipboard ] || exit 2
-value=`eval "echo -n \\${$8}"` # bash: value = ${!8}
-
-echo "echo -n '${value}' | $clip -selection $9"
-echo -n "'${value}' | $clip -selection $9"
+echo -n "$8" | $clip -selection $9
-- 
cgit v1.2.3
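Review bot: Switching to list-form arguments only keeps the shell out of the picture if `detach_open`, defined above the hunk, hands the list to subprocess without `shell=True`; with `shell=True` a list is rejoined into a command string and the injection this commit is fixing comes back, so that is worth confirming in the same change. The added `# Someone check for safe arguments to gajim-remote` leaves the xmpp branch passing `uri` verbatim with no owner or acceptance criterion; make it actionable, e.g. `# TODO: uri reaches gajim-remote unvalidated; restrict it to xmpp:<jid> before opening a chat`. The `if __name__ == '__main__'` block starts before the hunk and may continue past its last line.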
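Review bot: Dropping the `x` prefix while keeping the `-o` chain makes the new validation line ambiguous: POSIX only defines `[` behaviour for up to four arguments, and a `$9` such as `(` or `!` can now be taken for an operator rather than a string, which the old `x` guard existed to prevent. A `case` has neither problem and reads better: `case "$9" in primary|secondary|clipboard) ;; *) exit 2 ;; esac`. On the new last line `$9` is safe once validated, but `$clip` (set just above the hunk as `clip=xclip`) should be quoted as `"$clip"` in case it is ever made configurable. The script's argument handling above `which` is outside the hunk.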