[Portland-bugs] [Bug 103807] Argument injection in xdg-open open_envvar
bugzilla-daemon at freedesktop.org
bugzilla-daemon at freedesktop.org
Mon May 14 08:57:15 UTC 2018
https://bugs.freedesktop.org/show_bug.cgi?id=103807
Karol Babioch <karol at babioch.de> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|RESOLVED |REOPENED
Resolution|FIXED |---
--- Comment #11 from Karol Babioch <karol at babioch.de> ---
I'm not sure if the proposed fix is really fixing the problem, because it only
checks whether a single argument is provided.
What about this?
BROWSER="firefox %s" xdg-open "https://google.com$(touch /tmp/testfile)"
For me this creates a testfile in /tmp, which shouldn't be the case.
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.freedesktop.org/archives/portland-bugs/attachments/20180514/e5498ea6/attachment.html>
More information about the Portland-bugs
mailing list