[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH] Fix ob-latex.el command injection vulnerability.

From: lux
Subject: Re: [PATCH] Fix ob-latex.el command injection vulnerability.
Date: Sat, 11 Mar 2023 13:12:47 +0800
User-agent: Evolution 3.46.4 (3.46.4-1.fc37)

On Thu, 2023-03-09 at 12:22 +0000, Ihor Radchenko wrote:
> im-in-options and im-out-options, according to
> https://orgmode.org/worg/org-contrib/babel/languages/ob-doc-LaTeX.html
> ,
> are options passed to ImageMagick.
> However, for example, (shell-quote-argument "-enhance -strip") will
> return "-enhance\\ -strip", which is not what we want.
> Similar problem with other instances of `shell-command' in Org where
> header args supply command line arguments. Like in :cmdline.

I think there is only a need to deal with the problem of `\\ ', for

(string-replace "\\ " " " (shell-quote-argument im-in-options))

Any better suggestions? Thanks.

reply via email to

[Prev in Thread] Current Thread [Next in Thread]