[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Fix security problem in lilypond-invoke-editor (issue 336240043 by a
From: |
dak |
Subject: |
Re: Fix security problem in lilypond-invoke-editor (issue 336240043 by address@hidden) |
Date: |
Fri, 24 Nov 2017 04:57:21 -0800 |
https://codereview.appspot.com/336240043/diff/40001/scripts/lilypond-invoke-editor.scm
File scripts/lilypond-invoke-editor.scm (right):
https://codereview.appspot.com/336240043/diff/40001/scripts/lilypond-invoke-editor.scm#newcode1
scripts/lilypond-invoke-editor.scm:1:
#!/home/knut/sources/lilybuilt/share/lilypond/bin/guile -s
This line is not going to work.
https://codereview.appspot.com/336240043/diff/40001/scripts/lilypond-invoke-editor.scm#newcode110
scripts/lilypond-invoke-editor.scm:110: (define (run-editor uri)
I think editor.scm is used elsewhere so its basic API
(get-editor-command) should be made to work.
Instead of using system* I am currently attempting to port Emacs'
shell-quote-argument. That is a less invasive change regarding the API
though I underestimated what a monstrous process quoting in Windows-like
systems is, starting with figuring out which quoting convention to use:
I wanted to put this up yesterday to avoid duplicate work but failed.
Sorry for that.
One thing is that I trust the Emacs developers to have done a pretty
thorough job. Likely better than what Guile did with system* on
Windows.
https://codereview.appspot.com/336240043/
- Re: Fix security problem in lilypond-invoke-editor (issue 336240043 by address@hidden),
dak <=