lilypond-auto
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Lilypond-auto] [LilyIssues-auto] [testlilyissues:issues] #5342 lilypond


From: Auto mailings of changes to Lily Issues via Testlilyissues-auto
Subject: [Lilypond-auto] [LilyIssues-auto] [testlilyissues:issues] #5342 lilypond-invoke-editor only should only handle textedit URIs
Date: Mon, 11 Jun 2018 17:28:57 -0000

Gabriel Corona - 2018-06-03

The Firefox -remote OpenURL(...) in many different programs is a remain from a long past. I doesn't work on recent versions of Firefox (and I think it has not been working for quite a few years).

If you checkout on aee02594be68a968bb843f87d3264777099e46b4 you still have this vulnerable code:

    (define (run-browser uri)
      (system
       (if (getenv "BROWSER")
           (format #f "~a ~a" (getenv "BROWSER") uri)
           (format #f "firefox -remote 'OpenURL(~a,new-tab)'" uri))))

[issues:#5342] lilypond-invoke-editor only should only handle textedit URIs

Status: New
Created: Mon Jun 11, 2018 05:26 PM UTC by pkx166h
Last Updated: Mon Jun 11, 2018 05:26 PM UTC
Owner: nobody

This came out of both

https://sourceforge.net/p/testlilyissues/issues/5243/

and

https://sourceforge.net/p/testlilyissues/issues/5334/

From Knut Petersen - 2018-06-03

I think that lilypond-invoke-editor only should only handle textedit URIs. It might be a good idea to have a 2nd look at the patch I suggested in 2017.

https://codereview.appspot.com/336240043
https://sourceforge.net/p/testlilyissues/issues/5243/

On top of current master
git revert aee02594be68a968bb843f87d3264777099e46b4
git revert 39f800a7e5acb7cc5da6424c99fd2690e389495a
git revert 807f5eb8cd631133da3be6897e3e8fa7202e089d
wget https://codereview.appspot.com/download/issue336240043_60001.diff
would be needed to for a test build.

In 2017 one objection was that my patch does not change the code in lily.scm ... do you we really need to change that code? I don't see a problem as the code is executed by lilypond, we give the arguments. But maybe I don't have the imagination to see a security hole ...


Sent from sourceforge.net because address@hidden is subscribed to https://sourceforge.net/p/testlilyissues/issues/

To unsubscribe from further messages, a project admin can change settings at https://sourceforge.net/p/testlilyissues/admin/issues/options. Or, if this is a mailing list, you can unsubscribe from the mailing list.

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Testlilyissues-auto mailing list
address@hidden
https://lists.sourceforge.net/lists/listinfo/testlilyissues-auto

reply via email to

[Prev in Thread] Current Thread [Next in Thread]