On Thu, Jul 06, 2006 at 11:22:14PM +0200, Steinar H. Gunderson wrote: > This patch is clearly bogus; it fails on any filename having ' in it. You'll > either have to do much more thorough escaping, or use something that doesn't > put it through shell splitting/escaping (like fork() + execlp()).
Oh, and it's also incomplete; there are other system() calls there that need to be addressed. Some of them are harder, though, like the ones using ">" so they obviously need to go through a shell. /* Steinar */ -- Homepage: http://www.sesse.net/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
