[Portland-bugs] [Bug 66670] xdg-open: command injection vulnerability

bugzilla-daemon at freedesktop.org bugzilla-daemon at freedesktop.org
Wed Jan 21 15:47:15 PST 2015


https://bugs.freedesktop.org/show_bug.cgi?id=66670

Rex Dieter <rdieter at math.unl.edu> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |REOPENED
         Resolution|FIXED                       |---

--- Comment #19 from Rex Dieter <rdieter at math.unl.edu> ---
this test case, however, launches an xterm:

DE="generic" XDG_CURRENT_DESKTOP="" xdg-open "http://127.0.0.1/$(xterm)"


(note the difference here is the argument is in double quotes, not single quotes)

I'll have to double-check if this is valid or not

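Added example, not part of the original comment or of xdg-utils: a small POSIX sh harness that classifies whether a $(...) inside a test argument is executed by the calling shell or by the program under test. safe_target and flawed_target are constructed stand-ins (not xdg-open), and a marker file stands in for the xterm.

```shell
#!/bin/sh
# Added example: attribute the execution of a $(...) in a test argument.
# All names below are hypothetical; the targets are stand-ins, not xdg-open.

WORK=$(mktemp -d) || exit 1
MARK="$WORK/marker"

# Inert stand-in: treats its argument purely as data.
safe_target() { printf '%s\n' "$1" >/dev/null; }

# Deliberately flawed stand-in: re-parses its argument as shell code.
flawed_target() { eval "printf '%s\n' $1" >/dev/null 2>&1; }

# classify <target> <arg>
# Arguments are expanded before this body starts, so a marker that already
# exists here was created by the caller's shell, not by the target.
classify() {
    if [ -e "$MARK" ]; then
        rm -f "$MARK"
        echo caller
        return
    fi
    "$1" "$2"
    if [ -e "$MARK" ]; then
        rm -f "$MARK"
        echo target
    else
        echo none
    fi
}

# Single quotes: the literal text $(...) reaches the target unchanged.
single_safe=$(classify safe_target 'http://127.0.0.1/$(touch "$MARK")')
single_flawed=$(classify flawed_target 'http://127.0.0.1/$(touch "$MARK")')

# Double quotes: the calling shell runs the substitution before the call,
# so the target only ever receives "http://127.0.0.1/".
double_safe=$(classify safe_target "http://127.0.0.1/$(touch "$MARK")")

echo "single/safe=$single_safe single/flawed=$single_flawed double/safe=$double_safe"
rm -rf "$WORK"
```

Only a "target" result implicates the program being tested; a "caller" result means the substitution ran before the program received its argument.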