[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [PATCH] Fix ob-latex.el command injection vulnerability.
|
From: |
lux |
|
Subject: |
Re: [PATCH] Fix ob-latex.el command injection vulnerability. |
|
Date: |
Sat, 11 Mar 2023 13:12:47 +0800 |
|
User-agent: |
Evolution 3.46.4 (3.46.4-1.fc37) |
On Thu, 2023-03-09 at 12:22 +0000, Ihor Radchenko wrote:
>
> im-in-options and im-out-options, according to
> https://orgmode.org/worg/org-contrib/babel/languages/ob-doc-LaTeX.html
> ,
> are options passed to ImageMagick.
>
> However, for example, (shell-quote-argument "-enhance -strip") will
> return "-enhance\\ -strip", which is not what we want.
>
> Similar problem with other instances of `shell-command' in Org where
> header args supply command line arguments. Like in :cmdline.
>
I think there is only a need to deal with the problem of `\\ ', for
example:
(string-replace "\\ " " " (shell-quote-argument im-in-options))
Any better suggestions? Thanks.
- Re: [PATCH] Fix ob-latex.el command injection vulnerability., (continued)
Re: [PATCH] Fix ob-latex.el command injection vulnerability., Max Nikulin, 2023/03/07
- Re: [PATCH] Fix ob-latex.el command injection vulnerability., lux, 2023/03/07
- Re: [PATCH] Fix ob-latex.el command injection vulnerability., lux, 2023/03/08
- Re: [PATCH] Fix ob-latex.el command injection vulnerability., Ihor Radchenko, 2023/03/09
- Re: [PATCH] Fix ob-latex.el command injection vulnerability., Max Nikulin, 2023/03/09
- Re: [PATCH] Fix ob-latex.el command injection vulnerability.,
lux <=
- Re: [PATCH] Fix ob-latex.el command injection vulnerability., Ihor Radchenko, 2023/03/11
- Re: [PATCH] Fix ob-latex.el command injection vulnerability., lux, 2023/03/11
- Re: [PATCH] Fix ob-latex.el command injection vulnerability., Ihor Radchenko, 2023/03/12