a.in.diff (escaping system/open calls)

From: Leonard den Ottolander <leonard den ottolander nl>
To: MC Devel <mc-devel gnome org>
Subject: a.in.diff (escaping system/open calls)
Date: Fri, 20 Aug 2004 19:38:43 +0200

Hi,

Ok, a.in checked for missing escapes on calls to system and opens
that spawn a shell. See attached a.in.diff.

One question: What's the "1;" at the end of the file? Can it be removed?

Leonard.

-- 
mount -t life -o ro /dev/dna /genetic/research

--- a.in.000	2002-12-11 21:57:00.000000000 +0100
+++ a.in	2004-08-20 19:35:34.000000000 +0200
@@ -15,7 +15,8 @@ $mdir = "mdir -a";
 $mcopy = "mcopy -noQ";
 
 $0 =~ s|.*/||;
-$disk = $0;
+$qdisk = $0;
+$qdisk =~ s/([^\w\/.+-])/\\$1/g;
 
 $ENV{MTOOLS_DATE_STRING} = "mm-dd-yyyy";
 $ENV{MTOOLS_TWENTY_FOUR_HOUR_CLOCK} = "1";
@@ -29,29 +30,33 @@ SWITCH: for ( $ARGV[0] ) {
   /mkdir/ && do {
     shift; shift;
     exit 1 if scalar(@ARGV) != 1;
-    system("$mmd $disk:/$ARGV[0] >/dev/null");
+    system("$mmd $qdisk:/$ARGV[0] >/dev/null");
     exit 0; };
   /rmdir/ && do {
     shift; shift;
     exit 1 if scalar(@ARGV) != 1;
-    system("$mrd $disk:/$ARGV[0] >/dev/null");
+    system("$mrd $qdisk:/$ARGV[0] >/dev/null");
     exit 0; };
   /rm/ && do {
     shift; shift;
     exit 1 if scalar(@ARGV) != 1;
-    system("$mdel $disk:/$ARGV[0] >/dev/null");
+    system("$mdel $qdisk:/$ARGV[0] >/dev/null");
     exit 0; };
   /copyout/ && do {
     shift; shift;
     exit 1 if scalar(@ARGV) != 2;
-    ( $src, $dest ) = @ARGV;
-    system("$mcopy $disk:/$src $dest >/dev/null");
+    ( $qsrc, $qdest ) = @ARGV;
+    $qsrc =~ s/([^\w\/.+-])/\\$1/g;
+    $qdest =~ s/([^\w\/.+-])/\\$1/g;
+    system("$mcopy $qdisk:/$qsrc $qdest >/dev/null");
     exit 0; };
   /copyin/ && do {
     shift; shift;
     exit 1 if scalar(@ARGV) != 2;
     ( $dest, $src ) = @ARGV;
-    system("$mcopy $src $disk:/$dest >/dev/null");
+    $qsrc =~ s/([^\w\/.+-])/\\$1/g;
+    $qdest =~ s/([^\w\/.+-])/\\$1/g;
+    system("$mcopy $qsrc $qdisk:/$qdest >/dev/null");
     exit 0; };
   /.*/ && do {                               # an unfamiliar command
     exit 1; };
@@ -59,11 +64,12 @@ SWITCH: for ( $ARGV[0] ) {
 
 sub get_dirs {
   my ($path, $name, $size, $date, $time, $longname, @lst, @rv);
-
   $path = shift(@_);
+  my $qpath = $path;
+  $qpath =~ s/([^\w\/.+-])/\\$1/g;
   @rv = ();
 
-  open(FILE,"$mdir $disk:/$path |");
+  open(FILE,"$mdir $qdisk:/$qpath |");
   while ( <FILE> ) {
     chomp();
     /^ / && next;                            # ignore `non-file' lines

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]