On 4/19/12, Albert Astals Cid <[email protected]> wrote: >> > > What about going defensive and simply rejecting any device name which >> > > isn't alphanumeric? All gs device names are alphanumeric, quote from >> > >> > Problem is not only in the device name, the extension can be user >> > injected >> > too (it's 5 chars max in length but a rm fits there :D) >> >> ... and filenames too >> >> pdftohtml file.pdf 'x"; touch hello1 #.html' -c -dev png >> pdftohtml 'x"; touch hello2 #.pdf' -c -dev png > > That is a problem, since we can't limit the characters to only alfanumeric > for filenames :D >
LOL. Well, shell escape then? As it turned out, on Windows one can simply use double quote around the parameters - double quotes are illegal characters for files names there. cmd.exe on my WinXP and Win7 handle them as expected (e.g. `dir "_vim""rc"` is the same as `dir "_vimrc"` is the same as `dir _vimrc`). (IOW, on *nix shell escape as in previous patch, on Windows - simply wrap in double quotes.) Actually shell escaping can be seen as an independent fix: the gs command line generation already tries to wrap the file names using double quotes. And with the knowledge of how it works on Windows, the choice of the double quotes doesn't seem to be arbitrary. E.g. from debug output (my backslashes; bad device name is quoted as per my previous shell quote patch): gs -sDEVICE='"'\''jpeg'\''"' -dBATCH -dNOPROMPT \ -dNOPAUSE -r108 -sOutputFile="Der Mond%03d.jpeg" \ -g892x1263 -q "Der Mond.ps" _______________________________________________ poppler mailing list [email protected] http://lists.freedesktop.org/mailman/listinfo/poppler
