On Thursday, 19 April 2012, at 18:55:56, Ihar `Philips` Filipau wrote:
> On 4/19/12, Albert Astals Cid <[email protected]> wrote:
> > On Thursday, 19 April 2012, at 13:51:03, Ihar `Philips` Filipau wrote:
> >> The patch with shellEscape() function is attached.
> >
> > Shell escaping depends on the specifics of the particular shell you are
> > using, i.e. there is no way to make sure you are escaping correctly for
> > all shells.
> >
> > Using exec fixes the problem correctly since it guarantees you are only
> > executing the gs binary.
>
> Yes, shell escape might break on Windows. (/bin/sh is guaranteed by
> POSIX to be Bourne shell - so there is no problem on *nix.)
>
> But alas neither the fork()/exec() works on Windows.
>
> What about going defensive and simply rejecting any device name which
> isn't alphanumeric? All gs device names are alphanumeric, quote from
> gs -h:

Problem is not only in the device name, the extension can be user injected too
(it's 5 chars max in length but a rm fits there :D)

OTOH we don't need special characters in extension either.

That might be a good solution. Do you want to give it a try?

Albert

>
> Available devices:
> alc1900 alc2000 alc4000 alc4100 alc8500 alc8600 alc9100 ap3250 appledmp
> atx23 atx24 atx38 bbox bit bitcmyk bitrgb bitrgbtags bj10e bj10v bj10vh
> bj200 bjc600 bjc800 bjc880j bjccmyk bjccolor bjcgray bjcmono bmp16 bmp16m
> bmp256 bmp32b bmpgray bmpmono bmpsep1 bmpsep8 ccr cdeskjet cdj1600 cdj500
> cdj550 cdj670 cdj850 cdj880 cdj890 cdj970 cdjcolor cdjmono cdnj500 cfax
> chp2200 cif cljet5 cljet5c cljet5pr coslw2p coslwxl cp50 cups declj250
> deskjet devicen dfaxhigh dfaxlow display dj505j djet500 djet500c dl2100
> dnj650c epl2050 epl2050p epl2120 epl2500 epl2750 epl5800 epl5900 epl6100
> epl6200 eplcolor eplmono eps9high eps9mid epson epsonc epswrite escp
> escpage faxg3 faxg32d faxg4 fmlbp fmpr fs600 gdi hl1240 hl1250 hl7x0
> hpdj1120c hpdj310 hpdj320 hpdj340 hpdj400 hpdj500 hpdj500c hpdj510 hpdj520
> hpdj540 hpdj550c hpdj560c hpdj600 hpdj660c hpdj670c hpdj680c hpdj690c
> hpdj850c hpdj855c hpdj870c hpdj890c hpdjplus hpdjportable ibmpro ijs imagen
> inferno inkcov iwhi iwlo iwlq jetp3852 jj100 jpeg jpegcmyk jpeggray la50
> la70 la75 la75plus laserjet lbp310 lbp320 lbp8 lex2050 lex3200 lex5700
> lex7000 lips2p lips3 lips4 lips4v lj250 lj3100sw lj4dith lj4dithp lj5gray
> lj5mono ljet2p ljet3 ljet3d ljet4 ljet4d ljet4pjl ljetplus ln03 lp1800
> lp1900 lp2000 lp2200 lp2400 lp2500 lp2563 lp3000c lp7500 lp7700 lp7900
> lp8000 lp8000c lp8100 lp8200c lp8300c lp8300f lp8400f lp8500c lp8600
> lp8600f lp8700 lp8800c lp8900 lp9000b lp9000c lp9100 lp9200b lp9200c lp9300
> lp9400 lp9500c lp9600 lp9600s lp9800c lps4500 lps6500 lq850 lxm3200
> lxm5700m m8510 mag16 mag256 md1xMono md2k md50Eco md50Mono md5k mgr4 mgr8
> mgrgray2 mgrgray4 mgrgray8 mgrmono miff24 mj500c mj6000c mj700v2c mj8000c
> ml600 necp6 npdl nullpage oce9050 oki182 oki4w okiibm omni oprp opvp
> paintjet pam pamcmyk32 pamcmyk4 pbm pbmraw pcl3 pcx16 pcx24b pcx256 pcx256
> pcx2up pcxcmyk pcxgray pcxmono pdfwrite pdfwrite pgm pgmraw pgnm pgnmraw
> photoex picty180 pj pjetxl pjxl pjxl300 pkm pkmraw pksm pksmraw plan
> plan9bm planc plang plank planm png16 png16m png256 png48 pngalpha pnggray
> pngmono pnm pnmraw ppm ppmraw pr1000 pr1000_4 pr150 pr201 ps2write psdcmyk
> psdrgb psgray psmono psrgb pswrite pxlcolor pxlmono r4081 rinkj rpdl
> samsunggdi sgirgb sj48 spotcmyk st800 stcolor sunhmono t4693d2 t4693d4
> t4693d8 tek4696 tiff12nc tiff24nc tiff32nc tiff48nc tiff64nc tiffcrle
> tiffg3 tiffg32d tiffg4 tiffgray tifflzw tiffpack tiffscaled tiffscaled24
> tiffscaled8 tiffsep tiffsep1 txtwrite uniprint x11 x11alpha x11cmyk
> x11cmyk2 x11cmyk4 x11cmyk8 x11gray2 x11gray4 x11mono xcf xes
> _______________________________________________
> poppler mailing list
> [email protected]
> http://lists.freedesktop.org/mailman/listinfo/poppler
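
The allowlist check discussed in this thread, for both the device name and the extension, as an added C++ example (not code from the attached patch, from poppler, or from either poster). The function names and the 32-character device limit are assumptions; the 5-character extension limit is the one stated in the thread, and `_` is accepted for devices because the quoted `gs -h` list contains `pr1000_4`.

```cpp
#include <cstdio>
#include <string>

// Hypothetical names; this is an illustration, not poppler's API.
enum class Check { Ok, Empty, TooLong, BadChar };

// Accept only ASCII letters and digits, plus '_' when allowUnderscore is set.
// Explicit ranges are used instead of isalnum() so the result does not
// depend on the process locale.
static Check checkToken(const std::string &s, std::size_t maxLen, bool allowUnderscore)
{
    if (s.empty()) return Check::Empty;
    if (s.size() > maxLen) return Check::TooLong;
    for (unsigned char c : s) {
        bool alnum = (c >= '0' && c <= '9') || (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z');
        if (!alnum && !(allowUnderscore && c == '_')) return Check::BadChar;
    }
    return Check::Ok;
}

// Device name: 32 is an assumed upper bound; '_' is needed for pr1000_4.
Check checkDevice(const std::string &device) { return checkToken(device, 32, true); }

// Extension: 5 chars max (from the thread), letters and digits only.
Check checkExtension(const std::string &ext) { return checkToken(ext, 5, false); }

// Both user-controlled fields must pass before a command line is assembled.
bool gsRequestIsSafe(const std::string &device, const std::string &ext)
{
    return checkDevice(device) == Check::Ok && checkExtension(ext) == Check::Ok;
}

int main()
{
    // Constructed sample inputs: device/extension pairs.
    const char *samples[][2] = { {"png16m", "png"}, {"pr1000_4", "out"},
                                 {"png16m", ";rm x"}, {"jpeg;ls", "jpg"} };
    for (auto &s : samples)
        std::printf("%-10s %-6s -> %s\n", s[0], s[1],
                    gsRequestIsSafe(s[0], s[1]) ? "accept" : "reject");
    return 0;
}
```

A strictly alphanumeric device check would reject `pr1000_4`, so any such allowlist should be run against the full `gs -h` device list before it ships.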
