> That means: There only is a real and severe security problem if
> lilypond-invoke-editor is installed to handle non-textedit URIs.
> 
> Does anybody do that? Probably not.
> 
> I think we simply should nuke run-browser and do nothing
> if lilypond-invoke-editor is called with a non-textedit URI.

Disclaimer: I don't use lilypond-invoke-editor. In fact, I don't use
lilypond at all.

The documentation [1] claims that this is the intended usage:

> The program ‘lilypond-invoke-editor’ is a small helper program.  It
> will invoke an editor for the special textedit URIs, and run a web
> browser for others. It tests the environment variable EDITOR for the
> following patterns,

I'm not sure if it's easy to configure per-URI-scheme handlers in many
PDF readers. At least in some cases, the option to use
lilypond-invoke-editor as a generic handler is probably the easiest
one.

For reference, this can be fixed (on non-Windows) with something like:

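(define (run-browser uri)
  ;; execlp replaces this process with the browser and passes uri as a
  ;; single argument; no shell is started.
  (let ((browser (if (getenv "BROWSER")
                     (getenv "BROWSER")
                     "firefox")))
    (execlp browser browser uri)))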

I guess this fix won't work on Windows. Maybe system* would work?

[1] http://lilypond.org/doc/v2.18/Documentation/usage/configuring-the-system-for-point-and-click.html

--
Gabriel
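
Added example, not part of the message above and not LilyPond's code: a Guile sketch of the system* variant the message asks about, combined with a scheme check before anything is launched. The http/https allow-list and the helper name browser-uri? are assumptions made for this sketch, and it does not establish whether system* behaves this way on the Windows builds.

```scheme
;; Added example; the allow-list below is an assumption, not project policy.
(define allowed-schemes '("http://" "https://"))

(define (browser-uri? uri)
  ;; #t only when uri starts with one of the allowed schemes
  ;; (case-insensitive). This also rejects a "uri" that starts with "-",
  ;; which the browser would otherwise read as a command-line option.
  (let loop ((schemes allowed-schemes))
    (cond ((null? schemes) #f)
          ((string-prefix-ci? (car schemes) uri) #t)
          (else (loop (cdr schemes))))))

(define (run-browser uri)
  ;; BROWSER is used as a program name only, as in the execlp version:
  ;; a value such as "firefox -new-tab" is not split into arguments.
  (let ((browser (or (getenv "BROWSER") "firefox")))
    (if (browser-uri? uri)
        ;; system* gives each string to the child as one argv element and
        ;; returns the wait status. No shell parses the URI. Unlike execlp,
        ;; the calling process keeps running until the browser exits.
        (status:exit-val (system* browser uri))
        (begin
          (format (current-error-port) "refusing to open URI: ~s\n" uri)
          1))))
```

run-browser returns the browser's exit value, or 1 when the URI is refused, so the caller can pass it to exit.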
