El mi�, 07-04-2004 a las 02:51, Jonathan Gilbert escribi�: > At 04:02 PM 06/04/2004 +0200, Gonzalo wrote: > >El mi�E 07-04-2004 a las 00:15, Jonathan Gilbert escribi�E > [snip] > >> For this command-line, ShellExecute searches for files whose name (w/o > >> extension) are each of the following, in this order: > >> > >> "c:\\Program" (.exe, .com, .bat, .cmd, ..) > >> "c:\\Program Files\\Fubar" (.exe, .com, .bat, .cmd, ..) > >> "c:\\Program Files\\Fubar Corp\\Example" (.exe, .com, .bat, .cmd, ..) > >> "c:\\Program Files\\Fubar Corp\\Example 1.exe" (.exe, .com, .bat, .cmd, ..) > >> "c:\\Program Files\\Fubar Corp\\Example 1.exe params" (.exe, .com, .bat, > >> .cmd, ..) > >> > >> Any one of those first 3 can be used to "hijack" the program, such that > >> badly-written code using ShellExecute will run the wrong binary! I believe > >> the MSDN documentation for ShellExecute warns about this issue. > > > >Isn't that what you get with 'cmd /c whatever'? > > No. "cmd /c whatever" will only check the first word. > > [x:\]cmd /c c:\Program Files\Windows Media Player\mplayer2.exe > 'c:\Program' is not recognized as an internal or external command, > operable program or batch file.
Oh, we didn't pass the first argument in quotes, but we do now. -Gonzalo _______________________________________________ Mono-list maillist - [EMAIL PROTECTED] http://lists.ximian.com/mailman/listinfo/mono-list
