On Sun, Feb 12, 2006 at 08:14:40PM +0100, Nicolas George wrote: > If display is called on a file:/// URL, it deletes the images after > displaying it. Steps to reprodude: > > cp /some/image.jpg /tmp/test.jpg > display file:///tmp/test.jpg > Quit display: /tmp/test.jpg is gone.
Uh, that's a grave bug indeed. Also happens with other tools from the ImageMagick suite like identify, by the way. > Since display may be MIME handler for images, and configured to take URLs > and not paths, this may be a security risk in some cases. I'm not convinced about the security implications of this bug, though. Are you aware of any applications that pass an URI to a mime handler rather than just the local path and filename? Furthermore, the mailcap entries in testing and unstable now prefix the filename with a format string based on the mime type, which makes it impossible to trigger this bug via the mime handler route. Regards, Daniel. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
