blob: da993821cd534898d7c1785fb821055bbb28f650 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
|
$NetBSD: patch-aa,v 1.1 2011/04/05 09:13:43 wiz Exp $
2008-01-24 Kevin Krammer <kevin.krammer@gmx.at>
* Fixing security issue in xdg-email and xdg-open at replacing
parameter in $BROWSER
diff --git a/scripts/xdg-email b/scripts/xdg-email
index 87f0fc0..3b07f5d 100755
--- a/scripts/xdg-email
+++ ./scripts/xdg-email
@@ -435,7 +435,8 @@ open_generic()
for browser in $BROWSER; do
if [ x"$browser" != x"" ]; then
- browser_with_arg=`echo "$browser" | sed s#%s#"$1"#`
+ IFS=' '
+ browser_with_arg=${browser//'%s'/"$1"}
if [ x"$browser_with_arg" = x"$browser" ]; then "$browser" "$1";
else $browser_with_arg;
@@ -495,7 +496,7 @@ while [ $# -gt 0 ] ; do
exit_failure_syntax "email address argument missing for --to"
fi
url_encode "$1"
- options="${options}to=${result}&"
+ options="${options}to=${result}&"
shift
;;
@@ -531,7 +532,7 @@ while [ $# -gt 0 ] ; do
exit_failure_syntax "text argument missing for --body option"
fi
url_encode "$1"
- options="${options}body=${result}&"
+ options="${options}body=${result}&"
shift
;;
@@ -575,7 +576,7 @@ done
if [ -z "${mailto}" ] ; then
# TO address is optional
- mailto="mailto:?"
+ mailto="mailto:?"
fi
case $mailto in
|
