2: fixup! org-man-open: Fix shell expansion vulnerability (Emacs bug#66390)

ELPA Syncer Thu, 11 Jan 2024 07:48:55 -0800

branch: externals-release/org
commit 4145ee42115c31b37c892dc28d75a8fd601d31b0
Author: Ihor Radchenko <yanta...@posteo.net>
Commit: Ihor Radchenko <yanta...@posteo.net>


    fixup! org-man-open: Fix shell expansion vulnerability (Emacs bug#66390)
    
    The escaped string is not necessary "\\;id" on Windows/DOS.
---
 lisp/ol-man.el | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/lisp/ol-man.el b/lisp/ol-man.el
index 2a82889381..d3d7db0470 100644
--- a/lisp/ol-man.el
+++ b/lisp/ol-man.el
@@ -50,9 +50,9 @@ matched strings in man buffer."
   (let* ((command (match-string 1 path))
          ;; FIXME: Remove after we drop Emacs 29 support.
          ;; Working around security bug #66390.
-         (command (if (equal (Man-translate-references ";id") "\\;id")
-                      ;; We are on Emacs that properly escapes man
-                      ;; command args (see Emacs commit 820f0793f0b).
+         (command (if (not (equal (Man-translate-references ";id") ";id"))
+                      ;; We are on Emacs that escapes man command args
+                      ;; (see Emacs commit 820f0793f0b).
                       command
                     ;; Older Emacs without the fix - escape the
                     ;; arguments ourselves.

[elpa] externals-release/org 4145ee4211 2/2: fixup! org-man-open: Fix shell expansion vulnerability (Emacs bug#66390)

Reply via email to