[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[elpa] externals-release/org a8006ea580: * lisp/ob-latex.el: Fix command
From: |
ELPA Syncer |
Subject: |
[elpa] externals-release/org a8006ea580: * lisp/ob-latex.el: Fix command injection vulnerability |
Date: |
Sun, 12 Mar 2023 07:59:12 -0400 (EDT) |
branch: externals-release/org
commit a8006ea580ed74f27f974d60b598143b04ad1741
Author: Xi Lu <lx@shellcodes.org>
Commit: Ihor Radchenko <yantar92@posteo.net>
* lisp/ob-latex.el: Fix command injection vulnerability
(org-babel-execute:latex):
Replaced the `(shell-command "mv BAR NEWBAR")' with `rename-file'.
TINYCHANGE
---
lisp/ob-latex.el | 13 +++++--------
1 file changed, 5 insertions(+), 8 deletions(-)
diff --git a/lisp/ob-latex.el b/lisp/ob-latex.el
index a2c24b3d9b..ce39628d64 100644
--- a/lisp/ob-latex.el
+++ b/lisp/ob-latex.el
@@ -218,17 +218,14 @@ This function is called by `org-babel-execute-src-block'."
(if (string-suffix-p ".svg" out-file)
(progn
(shell-command "pwd")
- (shell-command (format "mv %s %s"
- (concat (file-name-sans-extension
tex-file) "-1.svg")
- out-file)))
+ (rename-file (concat (file-name-sans-extension tex-file)
"-1.svg")
+ out-file t))
(error "SVG file produced but HTML file requested")))
((file-exists-p (concat (file-name-sans-extension tex-file) ".html"))
(if (string-suffix-p ".html" out-file)
- (shell-command "mv %s %s"
- (concat (file-name-sans-extension tex-file)
- ".html")
- out-file)
- (error "HTML file produced but SVG file requested")))))
+ (rename-file (concat (file-name-sans-extension tex-file)
".html")
+ out-file t)
+ (error "HTML file produced but SVG file requested")))))
((or (string= "pdf" extension) imagemagick)
(with-temp-file tex-file
(require 'ox-latex)
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- [elpa] externals-release/org a8006ea580: * lisp/ob-latex.el: Fix command injection vulnerability,
ELPA Syncer <=