Package: ratmenu
Version: 2.3.9
Severity: normal

Hello Ted,

The ratmenu menu-method does:

function file($sec)=tolower(replacewith($sec,"/ ","..") ".menu");
submenutitle=ratcmd() quote($section"/") space() prefix() file($section);

This means that 'prefix() file($section)' will appear in a shell script.
However $section might include some shell-metacharacter (especially
the translations).

I would suggest you change ' to . with
function file($sec)=tolower(replacewith($sec,"/ '","...") ".menu");

and you wrap prefix() file($section) with "'":

submenutitle=ratcmd() quote($section"/") space() "'" prefix() file($section) "'";

However there is another minor issue with the quote($section"/") part,
since section might include " or $ etc.

You could change quote to
function quote($text)="'" escwith($text,"'","'\\'") "'";

to use '' instead of "" quotes.

Cheers,
-- 
Bill. <[EMAIL PROTECTED]>

Imagine a large red swirl here. 
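
The quoting suggested in the message above, as an added shell example that is not part of the original report or of ratmenu: sq_quote mirrors the proposed quote() and menu_file mirrors the proposed file(). Both function names, roundtrip, and the sample section name are assumptions made up for illustration.

```shell
#!/bin/sh
# Added example; sq_quote, menu_file and roundtrip are hypothetical names.

# Shell analogue of the proposed quote(): wrap the text in '...' and
# rewrite every embedded ' as '\'' so nothing inside is interpreted.
sq_quote() {
    s=$1 out=
    while :; do
        case $s in
            *\'*)
                head=${s%%\'*}          # text before the first '
                out="$out$head'\\''"    # close quote, literal ', reopen
                s=${s#*\'}              # continue after that '
                ;;
            *)  out="$out$s"; break ;;
        esac
    done
    printf "'%s'" "$out"
}

# Shell analogue of the proposed file(): map "/", space and "'" to "."
# and lowercase the result, so the file name carries no quote character.
menu_file() {
    printf '%s.menu' \
        "$(printf '%s' "$1" | tr "/ '" '...' | tr '[:upper:]' '[:lower:]')"
}

# Re-parse the quoted form the way the generated script would, and
# confirm it comes back as exactly one word identical to the input.
roundtrip() {
    orig=$1
    eval "set -- $(sq_quote "$orig")"
    [ "$#" -eq 1 ] && [ "$1" = "$orig" ]
}

# Constructed sample: a translated section name with metacharacters.
section="Jeux/Jeux d'arcade \$HOME \"x\" ;&"
printf 'quoted: %s\n' "$(sq_quote "$section/")"
printf 'file:   %s\n' "$(menu_file "$section")"
roundtrip "$section" && echo "round-trip ok"
```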

