Package: yatex
Version: 1.76+dfsg1-2
Severity: normal
File: /usr/share/emacs/site-lisp/yatex/yahtml.el

Running yahtml lint on a filename with a space in it fails.  Eg.

    (progn
      (find-file "/tmp/x y.html")
      (yahtml-mode)
      (yahtml-lint-buffer (current-buffer)))

gets

    Call `weblint x y.html'
    Can't open x: No such file or directory at /usr/bin/weblint line 63.

I think yahtml-lint-buffer should quote the buffer filename for the
shell,

    (concat (or bcmd yahtml-lint-program)
            " "
            (shell-quote-argument
             (file-name-nondirectory (buffer-file-name buf))))

A filename with spaces etc is unusual of course, but without quoting
like this a malicious filename could execute extra commands in the
shell.

-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (990, 'unstable')
Architecture: i386 (i686)

Kernel: Linux 2.6.32-5-486
Locale: LANG=en_AU, LC_CTYPE=en_AU (charmap=ISO-8859-1)
Shell: /bin/sh linked to /bin/dash

Versions of packages yatex depends on:
ii  emacs21                 21.4a+1-5.7
ii  emacs22-gtk [emacs22]   22.3+1-1.2
ii  emacs23                 23.4+1-3
ii  install-info            4.13a.dfsg.1-10
ii  xemacs21-mule           21.4.22-3.2

Versions of packages yatex recommends:
pn  ptex-bin | ptex-jtex    <none>
pn  texlive-bin             <none>

Versions of packages yatex suggests:
ii  chimera2 [www-browser]        2.0a19-7
ii  elinks-lite [www-browser]     0.12~pre5-8
pn  gimageview                    <none>
ii  iceape-browser [www-browser]  2.0.10-1
ii  iceweasel [www-browser]       3.5.13-1
pn  jbibtex                       <none>
ii  links [www-browser]           0.99+1.00pre12-1sarge1
ii  links2 [www-browser]          2.5-1
ii  lynx-cur [www-browser]        2.8.8dev.12-1
ii  netrik [www-browser]          1.16.1-1
ii  texlive-binaries [mendexk]    2012.20120628-1
ii  w3-el-e21 [www-browser]       4.0pre.2001.10.27.nodocs-5
ii  w3m [www-browser]             0.5.3-5
ii  weblint-perl [weblint]        2.20+dfsg-1
ii  xemacs21-mule [www-browser]   21.4.22-3.2

-- no debconf information
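
Added example, not part of the original report and not code from yahtml.el: it builds the lint command string with and without `shell-quote-argument` so the two can be compared, and goes one step beyond the report by also running the linter through `call-process`, which involves no shell at all. All `demo-lint-` names are hypothetical and the sample file names are constructed.

```elisp
;;; Added example; not yahtml.el code.  `demo-lint-' names are hypothetical.

(defvar demo-lint-program "weblint"
  "Lint program name; the error output in the report comes from weblint.")

(defun demo-lint-command (file &optional quote)
  "Return the shell command string used to lint FILE.
With QUOTE nil the name is pasted in raw, as in the failing case.
With QUOTE non-nil it goes through `shell-quote-argument', as the
report proposes."
  (let ((name (file-name-nondirectory file)))
    (concat demo-lint-program " "
            (if quote (shell-quote-argument name) name))))

(defun demo-lint-compare (files)
  "Return a list of (FILE RAW QUOTED) command strings for FILES."
  (mapcar (lambda (f)
            (list f (demo-lint-command f) (demo-lint-command f t)))
          files))

(defun demo-lint-run-without-shell (file)
  "Lint FILE with no shell involved; return (EXIT-STATUS . OUTPUT).
`call-process' hands each argument to the program as one argv entry,
so spaces and shell metacharacters in the name are never interpreted.
The leading \"./\" keeps a name that starts with \"-\" from being
read as an option by the lint program."
  (let ((dir (file-name-directory (expand-file-name file)))
        (name (file-name-nondirectory file)))
    (with-temp-buffer
      (let ((default-directory dir))
        (cons (call-process demo-lint-program nil t nil
                            (concat "./" name))
              (buffer-string))))))

;; Constructed sample names: one with a space, one with a shell
;; metacharacter.  Only the command strings are built here; nothing runs.
(dolist (row (demo-lint-compare '("/tmp/x y.html"
                                  "/tmp/a; echo INJECTED.html")))
  (message "file:   %s\nraw:    %s\nquoted: %s"
           (nth 0 row) (nth 1 row) (nth 2 row)))
```

Evaluating the buffer prints each raw command next to its quoted form in *Messages*; `demo-lint-run-without-shell` needs the lint program installed and signals an error otherwise.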