[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[bug #55557] gropdf can execute arbitrary commands
|
From: |
Deri James |
|
Subject: |
[bug #55557] gropdf can execute arbitrary commands |
|
Date: |
Wed, 23 Jan 2019 18:22:35 -0500 (EST) |
|
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0 |
Follow-up Comment #1, bug #55557 (project groff):
It looks like putting this line in the program, after any command line flags
have been handled/removed from ARGV:-
map { $_="< ".$_."\0" } @ARGV;
This does a similar job to the code referenced by Colin at:-
https://metacpan.org/source/DAVIDNICO/ARGV-readonly-0.01/lib/ARGV/readonly.pm
Except that it does not add "./" before any space at the start of the
filename, because that will fail if a space is given before a full pathname,
it is only useful if a file in the current directory has embedded leading
spaces in its filename. Even with the gropdf code as it is currently you would
need to pass the filename as "./ filename" to avoid the spaces being ignored.
I believe this line can be added to gropdf, hyphenex, gpinyin, and gperl. I am
not sure about glilypond yet, I need a bit more thought on that, since it does
a lot of work with ARGV in the program args.pl.
Does anyone have a better idea?
_______________________________________________________
Reply to this item at:
<https://savannah.gnu.org/bugs/?55557>
_______________________________________________
Message sent via Savannah
https://savannah.gnu.org/