Jens Peter Secher wrote:
> 2009/9/17 Marek Grzybowski <marek.grzybow...@atm.com.pl>:
>> Andrzej Lemieszek (in CC) found a few more, and he escaped them, so using rcs
>> should be safe too:
>>
>> His patch:
>>
> [...]
>> +        my $realfile_esc = &escape_shell_chars ($realfile);
> [...]
>> -               `cp $realfile $compfile`;
>> +               `cp $realfile_esc $compfile_esc`;
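Review bot: the cp call on the + line still builds a shell command string inside backticks, so its safety depends entirely on escape_shell_chars covering every character the shell treats specially. The backtick output is not used, so a list-form call such as system('cp', '--', $realfile, $compfile) would hand both names to cp with no shell parsing and make the escaping unnecessary at this call site.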
> [...]
>> +sub escape_shell_chars
>> +{
>> +    my $arg = shift;
>> +    $arg =~ s/[;<>\*\|`&\$!#\(\)\[\]\{\}:'"\s]/\\$&/g;
>> +    return $arg;
>> +}
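Review bot: the character class in escape_shell_chars is a denylist and leaves out the backslash itself (as well as ? and ~), so a name that already contains a backslash reaches cp with that backslash stripped by the shell. The \s in the class also matches a newline, and a backslash followed by a newline is a line continuation that the shell deletes rather than a literal newline. Wrapping each argument in single quotes (with embedded ' rewritten as '\'') or avoiding the shell altogether would cover these cases.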
> 
> This is not going to work.  When $realfile_esc is different from
> $realfile, then it makes no sense to copy the non-existent
> $realfile_esc.  I will go for the solution of rejecting weird file
> names.
I'm sorry, but it works. $realfile_esc is translated back by the shell to
its original filename, and the target program (cp in this case) opens $realfile.

Of course, rejecting weird names is also a solution, but after such a
modification changetrack still will not correctly handle files with the
characters mentioned above (sometimes these filenames are created by a
non-malicious user, e.g. filenames with spaces).


- --
Andrzej Lemieszek - Zespół Wsparcia Systemów i Aplikacji
ATM S.A., ul. Grochowska 21a, 04-186 Warszawa, Poland; http://www.atm.com.pl
tel. +48 22 5156357;  PGP key ID: 0xD8A5913F
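
The disagreement in this message can be checked directly. The following is an added example, not part of the original message or of changetrack: it runs the patch's escape_shell_chars over constructed filenames (the sample names and the temporary directory are assumptions) and compares the backtick copy with a list-form system() call that involves no shell.

```perl
#!/usr/bin/perl
# Added example (not changetrack code): exercises the patch's escape_shell_chars
# against constructed filenames, then compares with a shell-free copy.
use strict;
use warnings;
use File::Temp qw(tempdir);
use File::Spec;

# Copied from the patch quoted in this thread.
sub escape_shell_chars {
    my $arg = shift;
    $arg =~ s/[;<>\*\|`&\$!#\(\)\[\]\{\}:'"\s]/\\$&/g;
    return $arg;
}

my $dir = tempdir(CLEANUP => 1);
# Constructed sample names: the first three use only characters covered by
# the patch's class; the last two contain a backslash and a newline.
my @names = ('plain.conf', 'with space.conf', 'semi;colon$(x).conf',
             'back\\slash.conf', "new\nline.conf");

for my $name (@names) {
    my $src = File::Spec->catfile($dir, $name);
    open(my $fh, '>', $src) or die "create $src: $!";
    print {$fh} "data\n";
    close($fh);

    # Route 1: the patched approach, escaped names interpolated into backticks.
    my $dst1 = "$src.esc";
    my ($s, $d) = (escape_shell_chars($src), escape_shell_chars($dst1));
    `cp $s $d 2>/dev/null`;
    my $ok1 = -e $dst1 ? 'copied' : 'FAILED';

    # Route 2: list-form system() runs cp directly; no shell parses the names.
    my $dst2 = "$src.list";
    system('cp', '--', $src, $dst2);
    my $ok2 = -e $dst2 ? 'copied' : 'FAILED';

    # Show the newline as \n so the report stays on one line per file.
    (my $shown = $name) =~ s/\n/\\n/g;
    printf "%-22s escaped+backticks: %-7s list-form system: %s\n",
        $shown, $ok1, $ok2;
}
```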


