Репозитории ALT
5.1: | 4.64L-alt6 |
4.1: | 4.64L-alt5 |
4.0: | 4.64L-alt4.1 |
3.0: | 4.58L-alt4 |
+backports: | 4.64L-alt0.M30.4 |
Группа :: Сети/Почта
Пакет: pine
Главная Изменения Спек Патчи Sources Загрузить Gear Bugs and FR Repocop
Патч: pine-urlquote.patch
Скачать
Скачать
This patch changes pine's URL passing for external programs to not use
_URL_ in the argument string but use the environment variable "URL" for
that. Certainly SUSE-specific now.
--- pine4.64/pine/mailview.c
+++ pine4.64/pine/mailview.c
@@ -5121,146 +5121,52 @@
int rv = 0;
url_tool_t f;
#define URL_MAX_LAUNCH (2 * MAILTMPLEN)
+#define _URL_EXPANSION "\"$URL\""
if(handle->h.url.tool){
- char *toolp, *cmdp, *p, *q, cmd[URL_MAX_LAUNCH + 4];
- char *left_double_quote, *right_double_quote;
- int mode, quotable = 0, copied = 0, double_quoted = 0;
- int escape_single_quotes = 0;
+ char *toolp, *cmdp, *endp, cmd[URL_MAX_LAUNCH + 1];
+ int mode, len, copied = 0;
PIPE_S *syspipe;
toolp = handle->h.url.tool;
/*
- * Figure out if we need to quote the URL. If there are shell
- * metacharacters in it we want to quote it, because we don't want
- * the shell to interpret them. However, if the user has already
- * quoted the URL in the command definition we don't want to quote
- * again. So, we try to see if there are a pair of unescaped
- * quotes surrounding _URL_ in the cmd.
- * If we quote when we shouldn't have, it'll cause it not to work.
- * If we don't quote when we should have, it's a possible security
- * problem (and it still won't work).
- *
- * In bash and ksh $( executes a command, so we use single quotes
- * instead of double quotes to do our quoting. If configured command
- * is double-quoted we change that to single quotes.
- */
-#ifdef _WINDOWS
- /*
- * It should be safe to not quote any of the characters from the
- * string below. It was quoting with '?' and '&' in a URL, which is
- * unnecessary. Also the quoting code below only quotes with
- * ' (single quote), so we'd want it to at least do double quotes
- * instead, for Windows.
+ * Rather than trying to be smart about quoting and
+ * meta-characters, just stuff the URL into an environment
+ * variable and make the handler use it.
*/
- if(toolp)
- quotable = 0; /* always never quote */
- else
-#endif
- /* quote shell specials */
- if(strpbrk(handle->h.url.path, "&*;<>?[]|~$(){}") != NULL){
- escape_single_quotes++;
- if((p = strstr(toolp, "_URL_")) != NULL){ /* explicit arg? */
- int in_quote = 0;
-
- /* see whether or not it is already quoted */
-
- quotable = 1;
-
- for(q = toolp; q < p; q++)
- if(*q == '\'' && (q == toolp || q[-1] != '\\'))
- in_quote = 1 - in_quote;
-
- if(in_quote){
- for(q = p+5; *q; q++)
- if(*q == '\'' && q[-1] != '\\'){
- /* already single quoted, leave it alone */
- quotable = 0;
- break;
- }
- }
- if(quotable){
- in_quote = 0;
- for(q = toolp; q < p; q++)
- if(*q == '\"' && (q == toolp || q[-1] != '\\')){
- in_quote = 1 - in_quote;
- if(in_quote)
- left_double_quote = q;
- }
-
- if(in_quote){
- for(q = p+5; *q; q++)
- if(*q == '\"' && q[-1] != '\\'){
- /* we'll replace double quotes with singles */
- double_quoted = 1;
- right_double_quote = q;
- break;
- }
- }
- }
- }
- else
- quotable = 1;
- }
- else
- quotable = 0;
+ setenv("URL", handle->h.url.path, 1);
/* Build the command */
cmdp = cmd;
- while(cmdp-cmd < URL_MAX_LAUNCH)
- if((!*toolp && !copied)
- || (*toolp == '_' && !strncmp(toolp + 1, "URL_", 4))){
+ endp = cmd + sizeof(cmd) - 1;
+ do {
+ if (cmdp + 1 > endp)
+ return(url_launch_too_long(rv));
+
+ if (!*toolp && !copied) {
/* implicit _URL_ at end */
- if(!*toolp)
- *cmdp++ = ' ';
+ *endp++ = ' ';
+ toolp = "_URL_";
+ }
+
+
+ if (strncmp(toolp, "_URL_", 5) != 0) {
+ *cmdp++ = *toolp++;
+ }
+ else {
+ toolp += 5; /* length of _URL_ */
- /* add single quotes */
- if(quotable && !double_quoted && cmdp-cmd < URL_MAX_LAUNCH)
- *cmdp++ = '\'';
-
- copied = 1;
- /*
- * If the url.path contains a single quote we should escape
- * that single quote to remove its special meaning.
- * Since backslash-quote is ignored inside single quotes we
- * close the quotes, backslash escape the quote, then open
- * the quotes again. So
- * 'fred's car'
- * becomes 'fred'\''s car'
- */
- for(p = handle->h.url.path;
- p && *p && cmdp-cmd < URL_MAX_LAUNCH; p++){
- if(escape_single_quotes && *p == '\''){
- *cmdp++ = '\''; /* closing quote */
- *cmdp++ = '\\';
- *cmdp++ = '\''; /* opening quote comes from p below */
- }
+ if (cmdp + sizeof(_URL_EXPANSION) - 1 > endp)
+ return(url_launch_too_long(rv));
- *cmdp++ = *p;
- }
-
- if(quotable && !double_quoted && cmdp-cmd < URL_MAX_LAUNCH){
- *cmdp++ = '\'';
- *cmdp = '\0';
- }
-
- if(*toolp)
- toolp += 5; /* length of "_URL_" */
- }
- else{
- /* replace double quotes with single quotes */
- if(double_quoted &&
- (toolp == left_double_quote || toolp == right_double_quote)){
- *cmdp++ = '\'';
- toolp++;
- }
- else if(!(*cmdp++ = *toolp++))
- break;
+ sstrcpy(&cmdp, _URL_EXPANSION);
+ copied = 1;
}
+ } while (*toolp);
if(cmdp-cmd >= URL_MAX_LAUNCH)
return(url_launch_too_long(rv));