summaryrefslogtreecommitdiff
path: root/network/newsbeuter/newsbeuter-2.9-security-fix.patch
diff options
context:
space:
mode:
Diffstat (limited to 'network/newsbeuter/newsbeuter-2.9-security-fix.patch')
-rw-r--r--network/newsbeuter/newsbeuter-2.9-security-fix.patch15
1 files changed, 15 insertions, 0 deletions
diff --git a/network/newsbeuter/newsbeuter-2.9-security-fix.patch b/network/newsbeuter/newsbeuter-2.9-security-fix.patch
new file mode 100644
index 0000000000..f99cbf04c9
--- /dev/null
+++ b/network/newsbeuter/newsbeuter-2.9-security-fix.patch
@@ -0,0 +1,15 @@
+--- a/src/controller.cpp
++++ b/src/controller.cpp
+@@ -1275,9 +1275,10 @@ std::string controller::bookmark(const std::string& url, const std::string& titl
+ std::string bookmark_cmd = cfg.get_configvalue("bookmark-cmd");
+ bool is_interactive = cfg.get_configvalue_as_bool("bookmark-interactive");
+ if (bookmark_cmd.length() > 0) {
+- std::string cmdline = utils::strprintf("%s '%s' %s %s",
++ std::string cmdline = utils::strprintf("%s '%s' '%s' '%s'",
+ bookmark_cmd.c_str(), utils::replace_all(url,"'", "%27").c_str(),
+- stfl::quote(title).c_str(), stfl::quote(description).c_str());
++ utils::replace_all(title,"'", "%27").c_str(),
++ utils::replace_all(description,"'", "%27").c_str());
+
+ LOG(LOG_DEBUG, "controller::bookmark: cmd = %s", cmdline.c_str());
+
generated by cgit v1.2.3 (git 2.26.2) at 2024-11-30 09:51:59 +0000