lilypond-auto
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Lilypond-auto] [LilyIssues-auto] [testlilyissues:issues] Re: #5342 lily

From: Auto mailings of changes to Lily Issues via Testlilyissues-auto
Subject: [Lilypond-auto] [LilyIssues-auto] [testlilyissues:issues] Re: #5342 lilypond-invoke-editor only should only handle textedit URIs
Date: Mon, 11 Jun 2018 17:27:36 -0000

Gabriel Corona - 2018-06-03

See The Secure BROWSER Specification for some analysis on how the BROWSER variable could/should work.

https://www.dwheeler.com/browse/secure_browser.html

The BROWSER variable is not really specified and at least 3 different behaviors exist:

some programs use the BROWSER variable as a program to invoke;
some programs use the BROWSER variable as a colon-separated list of candidate programs to invoke;
some additionaly have support for %s-expansion.

Some programs some don't expand the program in several argument, some do expand the program in different arguments based on spaces, some pass the result to system (alowing shell commands in the BROWSER variable).

In contract, the .desktop spec clearly defines how the string should be split in different arguments.

https://standards.freedesktop.org/desktop-entry-spec/latest/ar01s07.html

[issues:#5342] lilypond-invoke-editor only should only handle textedit URIs

Status: New
Created: Mon Jun 11, 2018 05:26 PM UTC by pkx166h
Last Updated: Mon Jun 11, 2018 05:26 PM UTC
Owner: nobody

This came out of both

https://sourceforge.net/p/testlilyissues/issues/5243/

and

https://sourceforge.net/p/testlilyissues/issues/5334/

From Knut Petersen - 2018-06-03

I think that lilypond-invoke-editor only should only handle textedit URIs. It might be a good idea to have a 2nd look at the patch I suggested in 2017.

https://codereview.appspot.com/336240043
https://sourceforge.net/p/testlilyissues/issues/5243/

On top of current master
git revert aee02594be68a968bb843f87d3264777099e46b4
git revert 39f800a7e5acb7cc5da6424c99fd2690e389495a
git revert 807f5eb8cd631133da3be6897e3e8fa7202e089d
wget https://codereview.appspot.com/download/issue336240043_60001.diff
would be needed to for a test build.

In 2017 one objection was that my patch does not change the code in lily.scm ... do you we really need to change that code? I don't see a problem as the code is executed by lilypond, we give the arguments. But maybe I don't have the imagination to see a security hole ...

Sent from sourceforge.net because address@hidden is subscribed to https://sourceforge.net/p/testlilyissues/issues/

To unsubscribe from further messages, a project admin can change settings at https://sourceforge.net/p/testlilyissues/admin/issues/options. Or, if this is a mailing list, you can unsubscribe from the mailing list.

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Testlilyissues-auto mailing list
address@hidden
https://lists.sourceforge.net/lists/listinfo/testlilyissues-auto
reply via email to
[Prev in Thread] Current Thread [Next in Thread]