|
Kevin Kofler |
23f5d78 |
diff -ur kdelibs-3.5.10/kdecore/kconfigbase.cpp kdelibs-3.5.10-CVE-2019-14744/kdecore/kconfigbase.cpp
|
|
Kevin Kofler |
23f5d78 |
--- kdelibs-3.5.10/kdecore/kconfigbase.cpp 2008-02-13 10:41:09.000000000 +0100
|
|
Kevin Kofler |
23f5d78 |
+++ kdelibs-3.5.10-CVE-2019-14744/kdecore/kconfigbase.cpp 2019-08-09 00:08:17.933610551 +0200
|
|
Kevin Kofler |
23f5d78 |
@@ -258,26 +258,7 @@
|
|
Kevin Kofler |
23f5d78 |
|
|
Kevin Kofler |
23f5d78 |
while( nDollarPos != -1 && nDollarPos+1 < static_cast<int>(aValue.length())) {
|
|
Kevin Kofler |
23f5d78 |
// there is at least one $
|
|
Kevin Kofler |
23f5d78 |
- if( (aValue)[nDollarPos+1] == '(' ) {
|
|
Kevin Kofler |
23f5d78 |
- uint nEndPos = nDollarPos+1;
|
|
Kevin Kofler |
23f5d78 |
- // the next character is no $
|
|
Kevin Kofler |
23f5d78 |
- while ( (nEndPos <= aValue.length()) && (aValue[nEndPos]!=')') )
|
|
Kevin Kofler |
23f5d78 |
- nEndPos++;
|
|
Kevin Kofler |
23f5d78 |
- nEndPos++;
|
|
Kevin Kofler |
23f5d78 |
- QString cmd = aValue.mid( nDollarPos+2, nEndPos-nDollarPos-3 );
|
|
Kevin Kofler |
23f5d78 |
-
|
|
Kevin Kofler |
23f5d78 |
- QString result;
|
|
Kevin Kofler |
23f5d78 |
- FILE *fs = popen(QFile::encodeName(cmd).data(), "r");
|
|
Kevin Kofler |
23f5d78 |
- if (fs)
|
|
Kevin Kofler |
23f5d78 |
- {
|
|
Kevin Kofler |
23f5d78 |
- {
|
|
Kevin Kofler |
23f5d78 |
- QTextStream ts(fs, IO_ReadOnly);
|
|
Kevin Kofler |
23f5d78 |
- result = ts.read().stripWhiteSpace();
|
|
Kevin Kofler |
23f5d78 |
- }
|
|
Kevin Kofler |
23f5d78 |
- pclose(fs);
|
|
Kevin Kofler |
23f5d78 |
- }
|
|
Kevin Kofler |
23f5d78 |
- aValue.replace( nDollarPos, nEndPos-nDollarPos, result );
|
|
Kevin Kofler |
23f5d78 |
- } else if( (aValue)[nDollarPos+1] != '$' ) {
|
|
Kevin Kofler |
23f5d78 |
+ if( (aValue)[nDollarPos+1] != '$' ) {
|
|
Kevin Kofler |
23f5d78 |
uint nEndPos = nDollarPos+1;
|
|
Kevin Kofler |
23f5d78 |
// the next character is no $
|
|
Kevin Kofler |
23f5d78 |
QString aVarName;
|
|
Kevin Kofler |
23f5d78 |
diff -ur kdelibs-3.5.10/kdecore/README.kiosk kdelibs-3.5.10-CVE-2019-14744/kdecore/README.kiosk
|
|
Kevin Kofler |
23f5d78 |
--- kdelibs-3.5.10/kdecore/README.kiosk 2005-09-10 10:27:12.000000000 +0200
|
|
Kevin Kofler |
23f5d78 |
+++ kdelibs-3.5.10-CVE-2019-14744/kdecore/README.kiosk 2019-08-09 00:09:28.552462522 +0200
|
|
Kevin Kofler |
23f5d78 |
@@ -642,18 +642,6 @@
|
|
Kevin Kofler |
23f5d78 |
Name[$ei]=${USER}
|
|
Kevin Kofler |
23f5d78 |
|
|
Kevin Kofler |
23f5d78 |
|
|
Kevin Kofler |
23f5d78 |
-Shell Commands in KDE config files.
|
|
Kevin Kofler |
23f5d78 |
-===================================
|
|
Kevin Kofler |
23f5d78 |
-
|
|
Kevin Kofler |
23f5d78 |
-In KDE3.1 arbitrary entries in configuration files can contain shell
|
|
Kevin Kofler |
23f5d78 |
-commands. This way the value of a configuration entry can be determined
|
|
Kevin Kofler |
23f5d78 |
-dynamically at runtime. In order to use this the entry must be marked
|
|
Kevin Kofler |
23f5d78 |
-with [$e].
|
|
Kevin Kofler |
23f5d78 |
-
|
|
Kevin Kofler |
23f5d78 |
-Example:
|
|
Kevin Kofler |
23f5d78 |
-Host[$e]=$(hostname)
|
|
Kevin Kofler |
23f5d78 |
-
|
|
Kevin Kofler |
23f5d78 |
-
|
|
Kevin Kofler |
23f5d78 |
KDE3 Kiosk Application API
|
|
Kevin Kofler |
23f5d78 |
==========================
|
|
Kevin Kofler |
23f5d78 |
|