Gabriel Corona - 2018-06-03
The Firefox -remote OpenURL(...) in many different programs is a remain from a
long past. I doesn't work on recent versions of Firefox (and I think it has not
been working for quite a few years).
If you checkout on aee02594be68a968bb843f87d3264777099e46b4 you still have this
vulnerable code:
~~~
(define (run-browser uri)
(system
(if (getenv "BROWSER")
(format #f "~a ~a" (getenv "BROWSER") uri)
(format #f "firefox -remote 'OpenURL(~a,new-tab)'" uri))))
~~~
---
** [issues:#5342] lilypond-invoke-editor only should only handle textedit URIs**
**Status:** New
**Created:** Mon Jun 11, 2018 05:26 PM UTC by pkx166h
**Last Updated:** Mon Jun 11, 2018 05:26 PM UTC
**Owner:** nobody
This came out of both
https://sourceforge.net/p/testlilyissues/issues/5243/
and
https://sourceforge.net/p/testlilyissues/issues/5334/
>From Knut Petersen - 2018-06-03
I think that lilypond-invoke-editor only should only handle textedit URIs. It
might be a good idea to have a 2nd look at the patch I suggested in 2017.
https://codereview.appspot.com/336240043
https://sourceforge.net/p/testlilyissues/issues/5243/
On top of current master
git revert aee02594be68a968bb843f87d3264777099e46b4
git revert 39f800a7e5acb7cc5da6424c99fd2690e389495a
git revert 807f5eb8cd631133da3be6897e3e8fa7202e089d
wget https://codereview.appspot.com/download/issue336240043_60001.diff
would be needed to for a test build.
In 2017 one objection was that my patch does not change the code in lily.scm
... do you we really need to change that code? I don't see a problem as the
code is executed by lilypond, we give the arguments. But maybe I don't have the
imagination to see a security hole ...
---
Sent from sourceforge.net because testlilyissues-a...@lists.sourceforge.net is
subscribed to https://sourceforge.net/p/testlilyissues/issues/
To unsubscribe from further messages, a project admin can change settings at
https://sourceforge.net/p/testlilyissues/admin/issues/options. Or, if this is
a mailing list, you can unsubscribe from the mailing list.
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Testlilyissues-auto mailing list
testlilyissues-a...@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/testlilyissues-auto