At 04:02 PM 06/04/2004 +0200, Gonzalo wrote: >El mi�E 07-04-2004 a las 00:15, Jonathan Gilbert escribi�E [snip] >> For this command-line, ShellExecute searches for files whose name (w/o >> extension) are each of the following, in this order: >> >> "c:\\Program" (.exe, .com, .bat, .cmd, ..) >> "c:\\Program Files\\Fubar" (.exe, .com, .bat, .cmd, ..) >> "c:\\Program Files\\Fubar Corp\\Example" (.exe, .com, .bat, .cmd, ..) >> "c:\\Program Files\\Fubar Corp\\Example 1.exe" (.exe, .com, .bat, .cmd, ..) >> "c:\\Program Files\\Fubar Corp\\Example 1.exe params" (.exe, .com, .bat, >> .cmd, ..) >> >> Any one of those first 3 can be used to "hijack" the program, such that >> badly-written code using ShellExecute will run the wrong binary! I believe >> the MSDN documentation for ShellExecute warns about this issue. > >Isn't that what you get with 'cmd /c whatever'?
No. "cmd /c whatever" will only check the first word. [x:\]cmd /c c:\Program Files\Windows Media Player\mplayer2.exe 'c:\Program' is not recognized as an internal or external command, operable program or batch file. [x:\] Jonathan _______________________________________________ Mono-list maillist - [EMAIL PROTECTED] http://lists.ximian.com/mailman/listinfo/mono-list
