<table><tr><td style="">mdawson added a comment.
</td><a style="text-decoration: none; padding: 4px 8px; margin: 0 8px 8px; float: right; color: #464C5C; font-weight: bold; border-radius: 3px; background-color: #F7F7F9; background-image: linear-gradient(to bottom,#fff,#f1f0f1); display: inline-block; border: 1px solid rgba(71,87,120,.2);" href="https://phabricator.kde.org/D22979">View Revision</a></tr></table><br /><div><div><p>LGTM. Regarding the test, if we want to get this change in asap due to the security focus I can submit a follow up patch re-adding it.</p></div></div><br /><div><strong>INLINE COMMENTS</strong><div><div style="margin: 6px 0 12px 0;"><div style="border: 1px solid #C7CCD9; border-radius: 3px;"><div style="padding: 0; background: #F7F7F7; border-color: #e3e4e8; border-style: solid; border-width: 0 0 1px 0; margin: 0;"><div style="color: #74777d; background: #eff2f4; padding: 6px 8px; overflow: hidden;"><a style="float: right; text-decoration: none;" href="https://phabricator.kde.org/D22979#inline-129655">View Inline</a><span style="color: #4b4d51; font-weight: bold;">kconfigtest.cpp:530</span></div>
<div style="font: 11px/15px "Menlo", "Consolas", "Monaco", monospace; white-space: pre-wrap; clear: both; padding: 4px 0; margin: 0;"><div style="padding: 0 8px; margin: 0 4px; "> <span style="color: #aa2211"><<</span> <span style="color: #766510">"URL[$e]=file://${HOME}/foo"</span> <span style="color: #aa2211"><<</span> <span class="n">endl</span>
</div><div style="padding: 0 8px; margin: 0 4px; background: rgba(251, 175, 175, .7);"> <span style="color: #aa2211"><<</span> <span style="color: #766510">"hostname[$e]=$(hostname)"</span> <span style="color: #aa2211"><<</span> <span class="n">endl</span>
</div><div style="padding: 0 8px; margin: 0 4px; "> <span style="color: #aa2211"><<</span> <span style="color: #766510">"escapes=aaa,bb/b,ccc</span><span style="color: #bb6622">\\</span><span style="color: #766510">,ccc"</span> <span style="color: #aa2211"><<</span> <span class="n">endl</span>
</div></div></div>
<div style="margin: 8px 0; padding: 0 12px;"><p style="padding: 0; margin: 8px;">Instead of removing this test, can it instead be switched to verify the command execution does not occur?</p></div></div><br /><div style="border: 1px solid #C7CCD9; border-radius: 3px;"><div style="padding: 0; background: #F7F7F7; border-color: #e3e4e8; border-style: solid; border-width: 0 0 1px 0; margin: 0;"><div style="color: #74777d; background: #eff2f4; padding: 6px 8px; overflow: hidden;"><a style="float: right; text-decoration: none;" href="https://phabricator.kde.org/D22979#inline-129656">View Inline</a><span style="color: #4b4d51; font-weight: bold;">options.md:78</span></div>
<div style="font: 11px/15px "Menlo", "Consolas", "Monaco", monospace; white-space: pre-wrap; clear: both; padding: 4px 0; margin: 0;"><div style="padding: 0 8px; margin: 0 4px; background: rgba(251, 175, 175, .7);"><span class="n">Note</span> <span class="n">that</span> <span class="n">the</span> <span class="n">application</span> <span class="n">will</span> <span class="n">replace</span> <span class="err">`</span><span class="p">$</span><span class="n">USER</span><span class="err">`</span> <span class="bright"></span><span class="n"><span class="bright">and</span></span><span class="bright"> </span><span class="err"><span class="bright">`</span></span><span class="bright"></span><span class="p"><span class="bright">$(</span></span><span class="bright"></span><span class="n"><span class="bright">hostname</span></span><span class="bright"></span><span class="p"><span class="bright">)</span></span><span class="bright"></span><span class="err"><span class="bright">`</span></span><span class="bright"> </span><span style="color: #aa4000">with</span> <span class="n">their</span>
</div><div style="padding: 0 8px; margin: 0 4px; background: rgba(151, 234, 151, .6);"><span class="n">Note</span> <span class="n">that</span> <span class="n">the</span> <span class="n">application</span> <span class="n">will</span> <span class="n">replace</span> <span class="err">`</span><span class="p">$</span><span class="n">USER</span><span class="err">`</span> <span style="color: #aa4000">with</span> <span class="n">their</span>
</div><div style="padding: 0 8px; margin: 0 4px; "><span class="n">respective</span> <span class="n">expanded</span> <span class="n">values</span> <span class="n">after</span> <span class="n">saving</span><span class="p">.</span> <span class="n">To</span> <span class="n">prevent</span> <span style="color: #aa4000">this</span> <span class="n">combine</span> <span class="n">the</span> <span class="err">`</span><span class="p">$</span><span class="n">e</span><span class="err">`</span> <span class="n">option</span>
</div></div></div>
<div style="margin: 8px 0; padding: 0 12px;"><p style="padding: 0; margin: 8px;">Grammar suggestion: Note that the application will replace <tt style="background: #ebebeb; font-size: 13px;">$USER</tt> with its expanded values after saving.</p></div></div></div></div></div><br /><div><strong>REPOSITORY</strong><div><div>R237 KConfig</div></div></div><br /><div><strong>BRANCH</strong><div><div>security_kill_popen</div></div></div><br /><div><strong>REVISION DETAIL</strong><div><a href="https://phabricator.kde.org/D22979">https://phabricator.kde.org/D22979</a></div></div><br /><div><strong>To: </strong>dfaure, mdawson, aacid, broulik, davidedmundson, kossebau, apol, sitter, security-team<br /><strong>Cc: </strong>ngraham, kde-frameworks-devel, LeGast00n, michaelh, bruns<br /></div>