[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
emacs-29 1b4dc4691c 1/2: Fix htmlfontify.el command injection vulnerabil
From: |
Eli Zaretskii |
Subject: |
emacs-29 1b4dc4691c 1/2: Fix htmlfontify.el command injection vulnerability. |
Date: |
Tue, 27 Dec 2022 09:10:57 -0500 (EST) |
branch: emacs-29
commit 1b4dc4691c1f87fc970fbe568b43869a15ad0d4c
Author: Xi Lu <lx@shellcodes.org>
Commit: Eli Zaretskii <eliz@gnu.org>
Fix htmlfontify.el command injection vulnerability.
* lisp/htmlfontify.el (hfy-text-p): Fix command injection
vulnerability. (Bug#60295)
---
lisp/htmlfontify.el | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lisp/htmlfontify.el b/lisp/htmlfontify.el
index df4c6ab079..389b92939c 100644
--- a/lisp/htmlfontify.el
+++ b/lisp/htmlfontify.el
@@ -1850,7 +1850,7 @@ Hardly bombproof, but good enough in the context in which
it is being used."
(defun hfy-text-p (srcdir file)
"Is SRCDIR/FILE text? Use `hfy-istext-command' to determine this."
- (let* ((cmd (format hfy-istext-command (expand-file-name file srcdir)))
+ (let* ((cmd (format hfy-istext-command (shell-quote-argument
(expand-file-name file srcdir))))
(rsp (shell-command-to-string cmd)))
(string-match "text" rsp)))