On Wednesday 10 December 2008 07:42, j16sdiz at freenetproject.org wrote:
> Author: j16sdiz
> Date: 2008-12-10 07:42:46 +0000 (Wed, 10 Dec 2008)
> New Revision: 24171
>
> Modified:
> trunk/plugins/XMLSpider/XMLSpider.java
> Log:
> use File#mkdirs(), not Runtime.exec()
Eeeeeeeeeeeeeeeeeeeek! Fortunately DEFAULT_INDEX_DIR is a constant, so this
isn't exploitable.
>
> Modified: trunk/plugins/XMLSpider/XMLSpider.java
> ===================================================================
> --- trunk/plugins/XMLSpider/XMLSpider.java 2008-12-10 07:42:36 UTC (rev
24170)
> +++ trunk/plugins/XMLSpider/XMLSpider.java 2008-12-10 07:42:46 UTC (rev
24171)
> @@ -904,12 +904,10 @@
> tProducedIndex = System.currentTimeMillis();
> stopped = false;
> count = 0;
> - try{
> - Runtime.getRuntime().exec("mkdir "+DEFAULT_INDEX_DIR);
> +
> + if (!new File(DEFAULT_INDEX_DIR).mkdirs()) {
> + Logger.error(this, "Could not create default index
> directory ");
> }
> - catch(Exception e){
> - Logger.error(this, "Could not create default index
directory "+e.toString(), e);
> - }
> //startPlugin();
> pr.getNode().executor.execute(new Runnable() {
> public void run() {
>
> _______________________________________________
> cvs mailing list
> cvs at freenetproject.org
> http://emu.freenetproject.org/cgi-bin/mailman/listinfo/cvs
>
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 827 bytes
Desc: not available
URL:
<https://emu.freenetproject.org/pipermail/devl/attachments/20081210/1ebc88c4/attachment.pgp>
