On Tue, 3 Feb 2015 11:45:13 -0500
James Lynes <[email protected]> wrote:
Allow me to rework the scary part:
> my ($self, $event) = @_;
> #print "\nOK Button\n";
> # Convert the pdf file to png using
> # "convert" command line command via system
> function call my $inpath = $self->{inpath};
> my $crop = $self->{cropstring};
> my $convertcommand = "convert $inpath -crop
> $crop $inpath.png"; #print "\n\n";
> #print $convertcommand;
> #print "\n\n";
> system("$convertcommand"); # Execute
> convert command
into:
my ($self, $event) = @_;
# print "\nOK Button\n";
# Convert the pdf file to png using convert command line command
# via system function call
my @convertcommand = ( "convert",
$self->{inpath},
"-crop", $crop,
$self->{inpath} . ".png" );
# print "\n\n@convertcommand\n\n";
system @convertcommand; # Execute convert command
By using an array instead of a string you prevent malicious input from the
dialogs to end up on the command line. Overkill? You decide.
Having said that, I have some bad experiences with convert and PDF
documents, so I'd prefer to use ghostscript instead.
-- Johan
