Dirk Griesbach <spamt...@freenet.de> a écrit :
Package: gajim Version: 0.13.3-1 Severity: normal Hi, if opening special formed text in a chat window with right click -> action->wikipedia, or one of the other stuff, the action is not performed right if the marked text includes e.g. an odd number of " or other shell-sensitive characters like ' or #. Depending on the String gajim throws an error message, does open a single tab in the browser for every space-separated word or does some other weired stuff. This is because gajim builds the command to open such a action without sanitizing the input and executes exec_command() from commom/helpers.py with shell=True. So the underlaying shell gets all the unescaped characters. IMHO the best way would be to use subprocess.Popen together with shlex.split() as mentioned in [1] and shell=False in exec_command() to solve this issue. Input sanitizing would therefore become no longer necessary, phrases with spaces would be no problem, the code would be clean and mean and the world would become a better, a safer place. ;-) I tried to quick and dirty patch gajim this way, but sadly it had some side effects on e.g. playing sound or opening the file manager because of the current way the commands are build, so I dismissed the changes. (Mostly because of time constraints which prohibited a deeper investigation.) Greetings Dirk
Moreover, I don't have any problem when I select some text with " or ' or #, right clich it and select lookup in dictionarry. It goes to the url correctly.
-- Yann ---------------------------------------------------------------- This message was sent using IMP, the Internet Messaging Program. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
