On 18/03/17 23:40, Holger Klemm wrote:
Hello everybody,
the final version 2.1 of the Enfuse Professional "plugin" for darktable 2.2.X
is finished.
Download:
http://www.multimedia4linux.de/images/darktable/plugins/enfuse_pro-2.1.tar
This certainly looks useful - thanks. I have a few suggestions.
For starters, this looks a bit scary...
dt.control.execute( "rm ~/.local/tmp/*.tif")
You are making the assumption that all those TIF files are yours - there
may be other stuff there that you should leave alone. It's also not
clear why you want to do this in those error cases in create_image_fusion().
Lua has its own os.remove() which you should probably use wherever
possible instead of executing "rm" (which might not be /usr/bin/rm).
Also bear in mind that every command passed to dt.control.execute() is
run by system(3), so any filename containing a double-quote character
and/or shell metacharacter is going to break the assembly of your
images_to_align string. At worst this could end up being a vector for
shell injection exploits if someone were to use this for processing
"interestingly named" files, but for typical desktop use, it would
probably just fail. Given that lua doesn't have anything better than
os.execute() that lets you pass argv explicitly, you should probably
escape the following special characters in each double-quoted argument
string by prefixing them with a backslash:
" \ `$
See
https://www.gnu.org/software/bash/manual/html_node/Double-Quotes.html#Double-Quotes
Something like this should do the trick:
function shellquote(arg)
return "\"" .. string.gsub(arg, "([\"\\`$])", "\\%1") .. "\""
end
Also, instead of running "which" to find an executable , you could just
try to start it inside a pcall() and handle any error that it returns.
You could also do the version check in that same call.
cheers
David
--
David Houlder
da...@davidhoulder.com
http://davidhoulder.com
___________________________________________________________________________
darktable developer mailing list
to unsubscribe send a mail to darktable-dev+unsubscr...@lists.darktable.org