diff options
author | Jiri Slaby <jslaby@suse.cz> | 2013-05-20 13:55:34 +0200 |
---|---|---|
committer | Rex Dieter <rdieter@math.unl.edu> | 2013-05-20 11:09:08 -0500 |
commit | 2373d9b2b70652e447b413cde7939bff42fb960d (patch) | |
tree | ea7b27eed0c6a9b7afca304076587c374514a6c1 | |
parent | 050333e34e2fe7430ad2ead37e5a0420ac0c2a3e (diff) |
xdg-open: be more paranoid in escaping
When trying to open URLs like:
http://www.google.com/search?hl=en&q=HTTP+'M-SEARCH * HTTP/1.1\r\n'
we fail terribly in the generic case. \r and \n are replaced by line
feed+CR, * is replaced by the contents of the current directory.
So escape all those before used and expanded by sed. And also later
when invoking.
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
-rw-r--r-- | scripts/xdg-open.in | 14 |
1 files changed, 7 insertions, 7 deletions
diff --git a/scripts/xdg-open.in b/scripts/xdg-open.in index eda1cfb..0934142 100644 --- a/scripts/xdg-open.in +++ b/scripts/xdg-open.in @@ -135,16 +135,16 @@ search_desktop_file() command="`grep -E "^Exec(\[[^]=]*])?=" "$file" | cut -d= -f 2- | first_word`" command_exec=`which $command 2>/dev/null` arguments="`grep -E "^Exec(\[[^]=]*])?=" "$file" | cut -d= -f 2- | last_word`" - arg_one="`echo $arg | sed 's/&/\\\\&/g'`" - arguments_exec="`echo $arguments | sed -e 's*%[fFuU]*"'"$arg_one"'"*g'`" + arg_one="`echo "$arg" | sed 's/[&*\\]/\\\\&/g'`" + arguments_exec="`echo "$arguments" | sed -e 's*%[fFuU]*"'"$arg_one"'"*g'`" if [ -x "$command_exec" ] ; then - if echo $arguments | grep -iq '%[fFuU]' ; then - echo START $command_exec $arguments_exec - eval $command_exec $arguments_exec + if echo "$arguments" | grep -iq '%[fFuU]' ; then + echo START "$command_exec" "$arguments_exec" + eval "$command_exec" "$arguments_exec" else - echo START $command_exec $arguments_exec "$arg" - eval $command_exec $arguments_exec "$arg" + echo START "$command_exec" "$arguments_exec" "$arg" + eval "$command_exec" "$arguments_exec" "$arg" fi if [ $? -eq 0 ]; then |