Bug#773085: Regression in escaped url handling with patch applied for #773085

Sat, 03 Jan 2015 14:27:27 -0800 

 ❦  3 janvier 2015 17:31 +0100, Salvatore Bonaccorso <car...@debian.org> :

> Steps for reproducing the issue:
>
> $ xdg-mime default chromium.desktop x-scheme-handler/http
> $ xdg-mime query default x-scheme-handler/http
> chromium.desktop
> $ DE='generic' XDG_CURRENT_DESKTOP="" xdg-open 
> 'http://bugs.debian.org/cgi-bin/pkgreport.cgi?src=xdg-utils&repeatmerged=no'
>
> Without the patch applied, the page correctly is opened. If doing so
> the same with the applied patch chromium get passed as argument
> '$sed_escaped_url', and xdg-open executes /usr/bin/chromium
> '$sed_escaped_url'.

I don't understand how the proposed patch would work. $arg_one (or
$sed_escaped_url) is singly quoted and therefore cannot be
expanded.

If I modify the first chunk of the patch, it works as expected:

arguments_exec="$(echo "$arguments" | sed -e 
's*%[fFuU]*'"$sed_escaped_url"'*g')"

(this is not like the initial chunk, I don't quote the argument.

xdg-open 'http://www.example.com/$(xterm)' works as expected.

However, the whole stuff is quite fragile. I can't say for sure if
spaces would do something good or bad, but a star would not work. Here
is an improved version which is easier to understand.

#+begin_src sh
file=/usr/share/applications/chromium.desktop

# Safe quoting. We just enclose into single quotes the given argument
# and escape single quotes.
quote() {
    printf %s\\n "$1" | sed "s/'/'\\\\''/g;1s/^/'/;\$s/\$/'/"
}

arg="$1"
set -- $(sed -n 's/^Exec\(\[[^]]*\]\)\{0,1\}=//p' "$file")
cmd="$(which "$1" 2> /dev/null)"
[ -n "$cmd" ] || exit 2
shift
args=""
while [ $# -gt 0 ]; do
    case $1 in
        %[fFuU])
            args="$args $(quote "$arg")"
            ;;
        *)
            args="$args $(quote "$1")"
            ;;
    esac
    shift
done
"$cmd" $args
#+end_src

The "set" is just here to let the shell do the quoting. If no
replacement was needed, we could just "$cmd" "$@" after the first shift
and be done. Unfortunately, with just a POSIX shell, the replacement of
the positional argument is difficult. Instead, we build the list of args
by quoting correctly each of them. Then, it can be executed.

Using bash would be more straightforward since we could stack our
arguments into an array and modify this array to substitute %U and the
like.
-- 
The surest protection against temptation is cowardice.
                -- Mark Twain

Attachment: signature.asc
Description: PGP signature

Reply via email to