Re: [PATCH] Fix ob-latex.el command injection vulnerability.

emacs-orgmode

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH] Fix ob-latex.el command injection vulnerability.

From:	Max Nikulin
Subject:	Re: [PATCH] Fix ob-latex.el command injection vulnerability.
Date:	Sat, 18 Feb 2023 18:15:48 +0700
User-agent:	Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.7.1

On 18/02/2023 17:08, lux wrote:

-              (shell-command (format "mv %s %s" img-out out-file)))))
+              (shell-command (format "mv %s %s" (shell-quote-argument img-out) 
(shell-quote-argument out-file))))))


Thank you for the patch. Certainly it is an improvement.

Is there any reason why `rename-file' should be avoided here? I justhave discovered this function, so I am unaware of possible pitfalls.


(info "(elisp) Changing-Files")
https://www.gnu.org/software/emacs/manual/html_node/elisp/Changing-Files.html#index-rename_002dfile

[Prev in Thread]

Current Thread

[Next in Thread]

[PATCH] Fix ob-latex.el command injection vulnerability., lux, 2023/02/18
- Re: [PATCH] Fix ob-latex.el command injection vulnerability., Max Nikulin <=
  - Re: [PATCH] Fix ob-latex.el command injection vulnerability., lux, 2023/02/18
    - Re: [PATCH] Fix ob-latex.el command injection vulnerability., Ihor Radchenko, 2023/02/18
    - Re: [PATCH] Fix ob-latex.el command injection vulnerability., lux, 2023/02/18

Prev by Date: [FR] ox-latex: Display exit status of LaTeX compilation command (was: Bug: org-latex-export-to-pdf does not remove .tex file [9.4 (9.4-elpa @ /home/bruno/.emacs.d/elpa/org-9.4/)])
Next by Date: Re: [PATCH] Fix ob-latex.el command injection vulnerability.
Previous by thread: [PATCH] Fix ob-latex.el command injection vulnerability.
Next by thread: Re: [PATCH] Fix ob-latex.el command injection vulnerability.
Index(es):
- Date
- Thread