On May 20 2017, Markus Koschany <a...@debian.org> wrote:
> On Fri, 19 May 2017 16:26:03 -0700 Nikolaus Rath <nikol...@rath.org> wrote:
>> On May 20 2017, Markus Koschany <a...@debian.org> wrote:
>> > Am 19.05.2017 um 23:23 schrieb Chris Lamb:
>> >> tags 862593 + patch
>> >> thanks
>> >>
>> >> The archive gets overwritten as the test to see whether it already exists
>> >> (to determine whether to create a new one or simply add a new file) uses
>> >> an escaped path.
>> >>
>> >> Patch attached.
>> >
>> > I came to a similar conclusion but I wondered whether the real issue is
>> > the wrongly escaped path.
>> [...]
>>
>> Why is there a need for any escaping at all? I would have expected that
>> tar/xz/whatever is invoked directly, but this almost sounds if
>> xarchiver goes through a shell..?!
>
> As in the description: Xarchiver is a GUI frontend for various separate
> tools which are invoked by Xarchiver. The program must ensure that
> characters in filenames and archive names are properly escaped when it
> passes them to the respective tools like tar or 7z.
Sorry, I still do not understand. Why is there a need to escape
filenames when calling other tools? For example,
execve("/usr/bin/tar", { "cf", "compl cated.tar", NULL });
should work perfectly fine without any need for escaping.
Best,
-Nikolaus
--
GPG Fingerprint: ED31 791B 2C5C 1613 AF38 8B8A D113 FCAC 3C4E 599F
»Time flies like an arrow, fruit flies like a Banana.«
