summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMichele Calgaro <michele.calgaro@yahoo.it>2020-02-16 13:40:48 +0900
committerMichele Calgaro <michele.calgaro@yahoo.it>2020-02-16 13:41:15 +0900
commita8107c332f110bf4c94566c93305c371b4c73b72 (patch)
treefd1f52499c732a5ab989f951d5f05b169e1d827b
parent76ef0cc47c8bbb03ae4f32680515aedf484ec5f8 (diff)
downloadtdevelop-a8107c332f110bf4c94566c93305c371b4c73b72.tar.gz
tdevelop-a8107c332f110bf4c94566c93305c371b4c73b72.zip
Security: remove support for in KRun which could have allowed execution of malicious code. This is similar to issue TDE/tdelibs#45 for .desktop files.
Signed-off-by: Michele Calgaro <michele.calgaro@yahoo.it> (cherry picked from commit 4f961d77d6da693c51c5be16366dc172b45c96e0)
-rw-r--r--lib/widgets/kdevhtmlpart.cpp19
1 files changed, 1 insertions, 18 deletions
diff --git a/lib/widgets/kdevhtmlpart.cpp b/lib/widgets/kdevhtmlpart.cpp
index 35b2216f..a8520e30 100644
--- a/lib/widgets/kdevhtmlpart.cpp
+++ b/lib/widgets/kdevhtmlpart.cpp
@@ -259,24 +259,7 @@ TQString KDevHTMLPart::resolveEnvVarsInURL(const TQString& url)
// Note: the while loop below is a copy of code in tdecore/tdeconfigbase.cpp ;)
while( nDollarPos != -1 && nDollarPos+1 < static_cast<int>(path.length())) {
// there is at least one $
- if( (path)[nDollarPos+1] == '(' ) {
- uint nEndPos = nDollarPos+1;
- // the next character is no $
- while ( (nEndPos <= path.length()) && (path[nEndPos]!=')') )
- nEndPos++;
- nEndPos++;
- TQString cmd = path.mid( nDollarPos+2, nEndPos-nDollarPos-3 );
-
- TQString result;
- FILE *fs = popen(TQFile::encodeName(cmd).data(), "r");
- if (fs)
- {
- TQTextStream ts(fs, IO_ReadOnly);
- result = ts.read().stripWhiteSpace();
- pclose(fs);
- }
- path.replace( nDollarPos, nEndPos-nDollarPos, result );
- } else if( (path)[nDollarPos+1] != '$' ) {
+ if( (path)[nDollarPos+1] != '$' ) {
uint nEndPos = nDollarPos+1;
// the next character is no $
TQString aVarName;