> Line 633?  634?  So:
> 
>    # $command =~ s/%s/'$url'/g;
>    $command=~s/&/\\&/g;

Sorry for not having given the line numbers, etc. I actually made
changes around 522 and 647, and defined a new subroutine (I named it
wlmsanitize) which modifies the command to run. A patch
follows.
> 
> I'm a perl guy, yet that's non-trivial here.  Thx.  :-)
> 
You're welcome. I don't know if there are other characters that appear
in a URL and need to be escaped for the shell ([;><]?); they could
easily be accommodated by modifying 'wlmsanitize'. The page for the
extract_url project (http://www.memoryhole.net/~kyle/extract_url/)
mentions that the program already transforms characters dangerous to
the shell, but then it only mentions explicitly single quotes and
dollar signs.

Best regards,
Luis

----------------------------------------------
patch to fix ampersands in urls :
 

--- extract_url.pl~     2013-03-31 12:35:39.303174972 -0600
+++ extract_url.pl      2013-03-31 15:10:47.822005282 -0600
@@ -519,7 +519,7 @@
                } else {
                        $urlviewcommand .= " $url";
                }
-               system $urlviewcommand;
+               system wlmsanitize($urlviewcommand);
                exit 0;
        }
 
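Review bot: The `system wlmsanitize($urlviewcommand);` call still hands one string to the shell, and the context line above appends the URL unquoted (`$urlviewcommand .= " $url";`), so every shell metacharacter other than `&` in the URL is still interpreted. Since the URL comes from an email message, it would be safer to avoid the shell here: build the viewer command as a list and call `system(@cmd, $url)`, so the URL is passed as a single argument and needs no escaping at all.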
@@ -644,7 +644,7 @@
                                );
                }
                if ($return) {
-                       system $command;
+                       system wlmsanitize($command);
                        if ($stayopen == 0) {
                                exit 0 if ($persist == 0);
                        } else {
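Review bot: In `system wlmsanitize($command);` the escaping is applied to the whole command string rather than to the URL alone. Any `&` that is a deliberate part of the user's configured command (backgrounding, `&&`) gets escaped too, and if the URL was already substituted inside single quotes, the added backslash is not removed by the shell and becomes part of the URL. Suggest escaping `$url` before it is substituted into `$command`, and leaving the rest of the command untouched.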
@@ -689,6 +689,14 @@
                print "$value\n";
        }
 }
+
+sub wlmsanitize {
+    my $cmd=shift @_;
+    $cmd =~ s/&/\\&/g;
+    return $cmd;
+}
+
+
 =head1 NAME
 
 B<extract_url.pl> -- extract URLs from email messages
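Review bot: `wlmsanitize` escapes only `&` (`$cmd =~ s/&/\\&/g;`), which is a denylist of one character; the accompanying message itself asks whether `;`, `>` and `<` need the same treatment. Rather than adding characters one at a time, escape everything outside a known-safe set, or quote the URL with an existing module such as String::ShellQuote. The sub also has no comment saying what it is meant to guarantee, `shift @_` can be plain `shift`, and the hunk adds two blank lines before `=head1 NAME` where one is enough.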
