Skip to main content.
home | support | download

Back to List Archive

Re: SWISH-E 2.4.4 filters can not locate files

From: David L Norris <dave(at)not-real.webaugur.com>
Date: Wed Oct 18 2006 - 13:33:24 GMT
On Tue, 2006-10-17 at 08:29 +0200, Ludovic Drolez wrote:
> On the contrary, the quoting is done to avoid problem with quotes in
> filenames (before that I was unable to index files with single quotes or
> double quotes, and specialy crafted filenames could lead to arbitrary
> command invocations :-( ).

Right, a file named something like '/path/to/'&& rm -Rf /'&&echo .pdf'
could erase files.

> Maybe something needs to be updated in the docs ?

Yes, ultimately the problem is that people are still using quotes around
filenames in their Filefilter directive.  Even if we switched to
fork-exec users would need to stop single-quoting their filenames in
that way.

-- 
 David L Norris
  http://webaugur.com/
  ICQ - 412039
Received on Wed Oct 18 06:33:31 2006