branch: master
commit 4cdd6568a75d5bb3d2ed0beb67d6f1e69176c201
Author: Steven Allen <[email protected]>
Commit: Steven Allen <[email protected]>
Use call-process instead of call-process-shell-command.
* counsel.el (counsel-linux-app-action-default,
counsel-linux-app-action-file):
Use ~call-process~ instead of ~call-process-shell-command~ to avoid
executing
yet another process (=/bin/sh=) and to avoid potential code injection
(when
opening a file with a malicious name with
~counsel-linux-app-action-file~).
---
counsel.el | 6 ++----
1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/counsel.el b/counsel.el
index 1bfe16c..1af8f63 100644
--- a/counsel.el
+++ b/counsel.el
@@ -2791,16 +2791,14 @@ And insert it into the minibuffer. Useful during
(defun counsel-linux-app-action-default (desktop-shortcut)
"Launch DESKTOP-SHORTCUT."
(setq desktop-shortcut (cdr desktop-shortcut))
- (call-process-shell-command
- (format "gtk-launch %s" desktop-shortcut)))
+ (call-process "gtk-launch" nil nil nil desktop-shortcut))
(defun counsel-linux-app-action-file (desktop-shortcut)
"Launch DESKTOP-SHORTCUT with a selected file."
(setq desktop-shortcut (cdr desktop-shortcut))
(let ((file (read-file-name "Open: ")))
(if file
- (call-process-shell-command
- (format "gtk-launch %s \"%s\"" desktop-shortcut file))
+ (call-process "gtk-launch" nil nil nil desktop-shortcut file)
(user-error "cancelled"))))
(ivy-set-actions
