diff options
Diffstat (limited to 'media-gfx/xloadimage/files/xloadimage-4.1-zio-shell-meta-char.diff')
-rw-r--r-- | media-gfx/xloadimage/files/xloadimage-4.1-zio-shell-meta-char.diff | 36 |
1 files changed, 36 insertions, 0 deletions
diff --git a/media-gfx/xloadimage/files/xloadimage-4.1-zio-shell-meta-char.diff b/media-gfx/xloadimage/files/xloadimage-4.1-zio-shell-meta-char.diff new file mode 100644 index 000000000000..730504fb43f6 --- /dev/null +++ b/media-gfx/xloadimage/files/xloadimage-4.1-zio-shell-meta-char.diff @@ -0,0 +1,36 @@ +--- xloadimage.4.1/zio.c 1993-10-28 17:10:02.000000000 +0000 ++++ xloadimage.4.1/zio.c 2005-02-28 15:32:05.895470680 +0000 +@@ -210,9 +211,30 @@ + if ((strlen(name) > strlen(filter->extension)) && + !strcmp(filter->extension, + name + (strlen(name) - strlen(filter->extension)))) { +- debug(("Filtering image through '%s'\n", filter->filter)); +- zf->type= ZPIPE; +- sprintf(buf, "%s %s", filter->filter, name); ++ char *fname, *t, *s; ++ ++ /* meta-char protection from xli. ++ * ++ * protect in single quotes, replacing single quotes ++ * with '"'"', so worst-case expansion is 5x ++ */ ++ ++ s = fname = (char *) lmalloc(1 + (5 * strlen(name)) + 1 + 1); ++ *s++ = '\''; ++ for (t = name; *t; ++t) { ++ if ('\'' == *t) { ++ /* 'foo'bar' -> 'foo'"'"'bar' */ ++ strcpy(s, "'\"'\"'"); ++ s += strlen(s); ++ } else { ++ *s++ = *t; ++ } ++ } ++ strcpy (s, "'"); ++ debug(("Filtering image through '%s'\n", filter->filter)); ++ zf->type= ZPIPE; ++ sprintf(buf, "%s %s", filter->filter, fname); ++ lfree (fname); + if (! (zf->stream= popen(buf, "r"))) { + lfree((byte *)zf->filename); + zf->filename= NULL; |