D22979: Security: remove support for $(...) in config keys with [$e] marker.
David Faure
noreply at phabricator.kde.org
Tue Aug 6 23:37:12 BST 2019
dfaure created this revision.
dfaure added reviewers: mdawson, aacid, broulik, davidedmundson, kossebau, apol, sitter.
Herald added a project: Frameworks.
Herald edited subscribers, added: kde-frameworks-devel; removed: Frameworks.
dfaure requested review of this revision.
REVISION SUMMARY
It is very unclear at this point what a valid use case for this feature
would possibly be. The old documentation only mentions $(hostname) as
an example, which can be done with $HOSTNAME instead.
Note that $(...) is still supported in Exec lines of desktop files,
this does not require [$e] anyway (and actually works better without it,
otherwise the $ signs need to be doubled to obey kconfig $e escaping rules...).
TEST PLAN
ctest passes; various testcases with $(...) in desktop files,
directory files, and config files, no longer execute commands.
REPOSITORY
R237 KConfig
BRANCH
security_kill_popen
REVISION DETAIL
https://phabricator.kde.org/D22979
AFFECTED FILES
autotests/kconfigtest.cpp
src/core/kconfig.cpp
To: dfaure, mdawson, aacid, broulik, davidedmundson, kossebau, apol, sitter
Cc: kde-frameworks-devel, LeGast00n, michaelh, ngraham, bruns
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.kde.org/pipermail/kde-frameworks-devel/attachments/20190806/664a4603/attachment.html>
More information about the Kde-frameworks-devel
mailing list