evolution r35700 - trunk/plugins/backup-restore

From: msuman svn gnome org
To: svn-commits-list gnome org
Subject: evolution r35700 - trunk/plugins/backup-restore
Date: Mon, 30 Jun 2008 03:47:35 +0000 (UTC)
Author: msuman
Date: Mon Jun 30 03:47:34 2008
New Revision: 35700
URL: http://svn.gnome.org/viewvc/evolution?rev=35700&view=rev

Log:
Patch from Tobias Mueller  <muelli auftrags-killer org> ** Fix for bug #540516 (Fix for a vulnerability issue).

Modified:
   trunk/plugins/backup-restore/ChangeLog
   trunk/plugins/backup-restore/backup.c

Modified: trunk/plugins/backup-restore/backup.c
==============================================================================
--- trunk/plugins/backup-restore/backup.c	(original)
+++ trunk/plugins/backup-restore/backup.c	Mon Jun 30 03:47:34 2008
@@ -62,9 +62,11 @@
 backup (const char *filename)
 {
 	char *command;
+	char *quotedfname;
 
 	g_return_if_fail (filename && *filename);
-
+	quotedfname = g_shell_quote(filename);
+	
 	CANCEL (complete);
 	txt = _("Shutting down Evolution");
 	/* FIXME Will the versioned setting always work? */
@@ -81,9 +83,10 @@
 	/* FIXME compression type?" */
 	/* FIXME date/time stamp?" */
 	/* FIXME backup location?" */
-	command = g_strdup_printf ("cd $HOME && tar cf - .evolution .camel_certs | gzip > %s", filename);
+	command = g_strdup_printf ("cd $HOME && tar cf - .evolution .camel_certs | gzip > %s", quotedfname);
 	s (command);
 	g_free (command);
+	g_free (quotedfname);
 
 	txt = _("Backup complete");
 
@@ -102,9 +105,11 @@
 restore (const char *filename)
 {
 	char *command;
-
+	char *quotedfname;
+	
 	g_return_if_fail (filename && *filename);
-
+	quotedfname = g_shell_quote(filename);
+	
 	/* FIXME Will the versioned setting always work? */
 	CANCEL (complete);
 	txt = _("Shutting down Evolution");
@@ -117,9 +122,10 @@
 
 	CANCEL (complete);
 	txt = _("Extracting files from backup");
-	command = g_strdup_printf ("cd $HOME && gzip -cd %s| tar xf -", filename);
+	command = g_strdup_printf ("cd $HOME && gzip -cd %s| tar xf -", quotedfname);
 	s (command);
 	g_free (command);
+	g_free (quotedfname);
 
 	CANCEL (complete);
 	txt = _("Loading Evolution settings");
@@ -144,10 +150,12 @@
 check (const char *filename)
 {
 	char *command;
+	char *quotedfname;
 
 	g_return_if_fail (filename && *filename);
-
-	command = g_strdup_printf ("tar ztf %s | grep -e \"^\\.evolution/$\"", filename);
+	quotedfname = g_shell_quote(filename);
+	
+	command = g_strdup_printf ("tar ztf %s | grep -e \"^\\.evolution/$\"", quotedfname);
 	result = system (command);
 	g_free (command);
 
@@ -155,10 +163,11 @@
 	if (result)
 		exit (result);
 
-	command = g_strdup_printf ("tar ztf %s | grep -e \"^\\.evolution/%s$\"", filename, GCONF_DUMP_FILE);
+	command = g_strdup_printf ("tar ztf %s | grep -e \"^\\.evolution/%s$\"", quotedfname, GCONF_DUMP_FILE);
 	result = system (command);
 	g_free (command);
-
+	g_free (quotedfname);
+	
 	g_message ("Second result %d", result);
 
 }
[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]