There's a possible problem in dmenu_path, that will never be seen as
long as the systems on which it is used have sane directory names in
the PATH.
IFS=:
stest -dqr -n "$cache" $PATH
With the unquoted $PATH, we do get word splitting due to IFS, but we
also get file name glob expansion. So if someone decides to put a
directory name with a * or a ? or a character class, we may get bad
results. (No I have never seen this, I really hope I never see this,
but it is allowed.)
Adding set -f will disable pathname expansions. I've attached the patch.
-emg
Received on Mon Sep 30 2013 - 18:44:25 CEST