lux <[email protected]> writes: > The `org-babel-execute:plantuml' function does not properly escape the > `out-file' parameter when invoking the `inkscape' command. This leads … > A patch fixing the issue is attached. > > [4. text/x-patch; > 0001-lisp-ob-plantuml.el-Fix-command-injection-vulnerabil.patch]...
The code looks good. I didn’t run it yet, but it looks obviously correct and shell-quote-argument does what is needed there. (⇒ someone else will need to run it) Best wishes, Arne
signature.asc
Description: PGP signature
