On 18/03/17 23:40, Holger Klemm wrote:
Hello everybody,
the final version 2.1 of the Enfuse Professional "plugin" for darktable 2.2.X
is finished.
Download:
http://www.multimedia4linux.de/images/darktable/plugins/enfuse_pro-2.1.tar

This certainly looks useful - thanks. I have a few suggestions.

For starters, this looks a bit scary...
     dt.control.execute( "rm ~/.local/tmp/*.tif")
You are making the assumption that all those TIF files are yours - there may be other stuff there that you should leave alone. It's also not clear why you want to do this in those error cases in create_image_fusion().

Lua has its own os.remove() which you should probably use wherever possible instead of executing "rm" (which might not be /usr/bin/rm).

Also bear in mind that every command passed to dt.control.execute() is run by system(3), so any filename containing a double-quote character and/or shell metacharacter is going to break the assembly of your images_to_align string. At worst this could end up being a vector for shell injection exploits if someone were to use this for processing "interestingly named" files, but for typical desktop use, it would probably just fail. Given that Lua doesn't have anything better than os.execute() that lets you pass argv explicitly, you should probably escape the following special characters in each double-quoted argument string by prefixing them with a backslash:
" \ `$
See https://www.gnu.org/software/bash/manual/html_node/Double-Quotes.html#Double-Quotes
Something like this should do the trick:

function shellquote(arg)
  return "\"" .. string.gsub(arg, "([\"\\`$])", "\\%1") .. "\""
end

Also, instead of running "which" to find an executable, you could just try to start it inside a pcall() and handle any error that it returns. You could also do the version check in that same call.

cheers
David

--
David Houlder
da...@davidhoulder.com
http://davidhoulder.com
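
The quoting and cleanup suggestions above, as an added example that is not part of the original message or the plugin's code: it applies shellquote() to a list of file names, runs them through the shell, checks that each argument arrives unchanged, and then removes only the files it created. It assumes a POSIX sh and Lua's io.popen(); printf stands in for the external tool, the file names are constructed samples, and quote_all() and remove_own_files() are hypothetical helper names.

```lua
-- Added example: quote file names for a command run via the shell, verify the
-- round trip, and clean up only the files this run created.

-- Escape the four characters that stay special inside sh double quotes.
local function shellquote(arg)
  -- Parentheses discard gsub's second return value (the match count).
  return '"' .. (string.gsub(arg, '(["\\`$])', '\\%1')) .. '"'
end

-- Hypothetical helper: join the quoted names into one argument string.
local function quote_all(paths)
  local quoted = {}
  for i, path in ipairs(paths) do quoted[i] = shellquote(path) end
  return table.concat(quoted, " ")
end

-- Hypothetical helper: delete exactly the listed files, return error messages.
local function remove_own_files(paths)
  local errors = {}
  for _, path in ipairs(paths) do
    local ok, err = os.remove(path)
    if not ok then errors[#errors + 1] = err end
  end
  return errors
end

-- Constructed sample names containing each special character.
local tmpdir = os.getenv("TMPDIR") or "/tmp"
local images = {
  tmpdir .. "/shellquote demo plain.tif",
  tmpdir .. '/shellquote demo 6" print.tif',
  tmpdir .. "/shellquote demo $HOME.tif",
  tmpdir .. "/shellquote demo `date`.tif",
  tmpdir .. "/shellquote demo back\\slash.tif",
}

-- Create the files so there is something of ours to clean up afterwards.
for _, path in ipairs(images) do assert(io.open(path, "w")):close() end

-- printf stands in for the external tool: it echoes each argument it received.
local pipe = assert(io.popen("printf '%s\\n' " .. quote_all(images)))
local count = 0
for line in pipe:lines() do
  count = count + 1
  assert(line == images[count], "argument " .. count .. " was altered by the shell")
end
pipe:close()
assert(count == #images, "argument count changed")

assert(#remove_own_files(images) == 0, "some temp files could not be removed")
print("all " .. count .. " arguments survived quoting; temp files removed")
```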

