@b4n commented on this pull request.


> -             g_free(replacement);
+                       case '%':
+                               src++;
+                               if (nesting[level].quote) /* close the quote */
+                                       g_string_append_c(stack, 
nesting[level].quote);
+                               const gchar *replacement = 
placeholder_replacement(placeholders, n_placeholders, *src);
+                               if (replacement)
+                               {
+                                       gchar *quoted = 
g_shell_quote(replacement);
+                                       g_string_append(stack, quoted);
+                                       g_free(quoted);
+                               }
+                               else
+                               {   /* just leave the placeholder */
+                                       g_string_append_c(stack, '%');
+                                       g_string_append_c(stack, *src);

here we might need to escape `*src`, as it could be pretty much anything, 
including a quote that would throw us off, can't it?  Maybe just have 
`placeholder_replacement()` yield the fallback one so we can have one single 
code path using `g_shell_quote()`. Alternatively, `g_shell_quote()` that extra 
character.

-- 
Reply to this email directly or view it on GitHub:
https://github.com/geany/geany/pull/1300#pullrequestreview-4609327437
You are receiving this because you are subscribed to this thread.

Message ID: <geany/geany/pull/1300/review/[email protected]>

Reply via email to