[mythtv-commits] Ticket #10677: Safely escape shell arguments
MythTV
noreply at mythtv.org
Wed May 2 05:14:57 UTC 2012
#10677: Safely escape shell arguments
------------------------------+-----------------------------
Reporter: github@… | Owner:
Type: Patch - Bug Fix | Status: closed
Priority: minor | Milestone: unknown
Component: MythTV - General | Version: Master Head
Severity: medium | Resolution: Won't Fix
Keywords: | Ticket locked: 0
------------------------------+-----------------------------
Comment (by wagnerrp):
As explained already, "shell escaping" is exactly as it sounds, escaping
terms that would otherwise be handled improperly by a shell interpreter.
You get rid of the shell interpreter, pass the arguments directly into the
application yourself, and there is nothing left to do those "bad things"
you are suggesting. In cases where the MythSystem() user supplies the
arguments with a QStringList, and the kMSNoRunShell flag, this is
precisely what happens. The MythSystem class bypasses the shell
interpreter, and calls the application directly with an execv() system
call.
What I am suggesting is that instead of bothering with escaping anything,
just perform our own internal argument splitting to handle all the
remaining cases, and bypass the issue entirely.
--
Ticket URL: <http://code.mythtv.org/trac/ticket/10677#comment:5>
MythTV <http://code.mythtv.org/trac>
MythTV Media Center
More information about the mythtv-commits
mailing list