On Sun, 4 May 2014 18:52:25 +0800
Chris Down <chris_AT_chrisdown.name> wrote:
> FRIGN writes:
> > A configuration can look like this:
> >
> > { "\.mp3", "st -e mplayer %s" },
> > { "\.(jpg|png|tiff)$", "feh %s" },
> > { "\.gif", "wget -O /tmp/tmp.gif %s && gifview -a /tmp/tmp.gif" },
> > { "^(http://|https://)?(www\.)?(youtube.com/watch\?|youtu\.be/)", "youtube-viewer %s" }
>
> What happens if you unwittingly open "; rm -rf /; .jpg"? I'm not sure
> system() is really a good idea here.
That's definitely a good point. However, fortifying the regexes to
strictly match URIs solves this problem instantly (Hell, just check for
spaces!).
Cheers
FRIGN
--
FRIGN <dev_AT_frign.de>
Received on Sun May 04 2014 - 13:19:40 CEST