tccr.it

       Add an XXX comment regarding possible command injection. - dotfiles - leot's dotfiles
 (HTM) hg clone https://bitbucket.org/iamleot/dotfiles
 (DIR) Log
 (DIR) Files
 (DIR) Refs
       ---
 (DIR) changeset 0ddcfcedfc35e5bb495585c3828ae83e7f1617a0
 (DIR) parent 01d6014ecac8fd366f41f4e985af8f6664799b90
 (HTM) Author: Leonardo Taccari <iamleot@gmail.com>
       Date:   Sat,  8 Jun 2019 17:03:58 
       
       Add an XXX comment regarding possible command injection.
       
       (No it is not a feature!)
       
       Diffstat:
        surf/surf-setprop |  3 +++
        1 files changed, 3 insertions(+), 0 deletions(-)
       ---
       diff -r 01d6014ecac8 -r 0ddcfcedfc35 surf/surf-setprop
       --- a/surf/surf-setprop Sat Jun 08 17:01:08 2019 +0200
       +++ b/surf/surf-setprop Sat Jun 08 17:03:58 2019 +0200
       @@ -23,6 +23,9 @@
        
        surfrawify()
        {
       +       # XXX: It is possible to inject arbitrary command in the two surfraw
       +       # XXX: invocations.
       +
               [ -n "$1" ] && surfraw -p -- $1 2>/dev/null |
                   awk -v var="$1" '
                   /No elvis or bookmark with that name/ {