Re: [PATCH] Fix ob-latex.el command injection vulnerability.

emacs-orgmode

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH] Fix ob-latex.el command injection vulnerability.

From:	Ihor Radchenko
Subject:	Re: [PATCH] Fix ob-latex.el command injection vulnerability.
Date:	Sat, 18 Feb 2023 11:43:14 +0000

lux <lx@shellcodes.org> writes:

> -              (shell-command (format "mv %s %s" img-out out-file)))))
> +              (rename-file img-out out-file))))

I think should be (rename-file img-out out-file t)

-- 
Ihor Radchenko // yantar92,
Org mode contributor,
Learn more about Org mode at <https://orgmode.org/>.
Support Org development at <https://liberapay.com/org-mode>,
or support my work at <https://liberapay.com/yantar92>

[Prev in Thread]

Current Thread

[Next in Thread]

[PATCH] Fix ob-latex.el command injection vulnerability., lux, 2023/02/18
- Re: [PATCH] Fix ob-latex.el command injection vulnerability., Max Nikulin, 2023/02/18
  - Re: [PATCH] Fix ob-latex.el command injection vulnerability., lux, 2023/02/18
    - Re: [PATCH] Fix ob-latex.el command injection vulnerability., Ihor Radchenko <=
    - Re: [PATCH] Fix ob-latex.el command injection vulnerability., lux, 2023/02/18

Prev by Date: Re: [PATCH] Fix ob-latex.el command injection vulnerability.
Next by Date: [BUG] org-id-get-create creating property drawers after SCHEDULE and DEADLINE keywords [9.6 (release_9.6-3-ga4d38e @ /nix/store/zr2g5z2hbqxa93ndfkx6n0v489al6lfq-emacs-git-20221206.0/share/emacs/30.0.50/lisp/org/)]
Previous by thread: Re: [PATCH] Fix ob-latex.el command injection vulnerability.
Next by thread: Re: [PATCH] Fix ob-latex.el command injection vulnerability.
Index(es):
- Date
- Thread