GNOME.org
 

theme file types

Hi all,

 This has been brought up before a lot in the past, but doesn't seem to
have been acted on, so I thought I'd bring it up again.  Yes, this is
definitely a post 2.6 issue.  ;-)

 The problem is that the meta-theme files are always recognized as
normal .tar.gz files.  Which, of course, they *are*.  The problem is,
however, that when downloading them from a website or clicking them in
Nautilus, you get file-roller (or whichever archiver you're using),
which isn't very helpful.  Sure, the techies know to unpack them in
~/.themes (and icon themes in ~/.icons), but new users probably don't.

 I would rather see a gnome-theme-installer recognize the files and
install them nicely, the same as if you used the gnome-theme-properties
program to install the files.  The installer should be able to recognize
icon thems (even if they're packed in with metacity/gtk/etc themes) as
well.

 For recognizing the file type, we should just have a new extension on
mime type.  Something like application/x-meta-theme and the extension
.theme.  The former will allow our theoretical attribute-based file
system to work, and the later will work on real-life machines today. 
;-)

 Also, a side question about the code in the theme switcher I saw while
trying to figure out if I could manage the above on my own.  I see this
line:
 g_snprintf(s, sizeof(s),
   "gzip -d -c < %s | (cd %s ; tar -xf -)",
   file, th);

 The way I'm reading that, a malicious user could construct a theme file
name in such a way that the shell will do evil things.  Such a file name
that will work on pretty much any Fedora system, likely many others as
well (due to existence of .xsession-errors):
 $ touch ./'.xsession-errors ; rm -fr $HOME; echo 1'
 This can be launched/opened by downloading the file in, say, Epiphany,
and then clicking the "Open" action.

 Is it just me not noticing how this problem is avoided?  If not, I'll
file a bug.
-- 
Sean Middleditch <elanthis awesomeplay com>
AwesomePlay Productions, Inc.
[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]