Hi Rainer,
Rainer.Scherg@rexroth.de wrote:
>
> Mhh,
>
> found a small bug, again:
>
> file fs.c:
>
> sprintf(filtercmd, "%s \'%s\'",filterprog,e->filename);
> fp = popen (filtercmd,"r");
>
> %s in sprintf has to be quoted, so filenames like
> "file with blanks.doc" (Samba-ounts, PC/windows) will be indexed correctly.
>
> This fix should als be applied to http.c. There may be no blanks, but
> other harmful/meta- characters to a shell. It may be a security hole.
>
> sprintf(filtercmd,"%s \'%s\'
> \'%s\'",filterprog,buffer,item->url);
>
Good work!!
cu
Jose
Received on Mon Jun 19 03:58:48 2000