Commit 9db872df authored by Marco Martin's avatar Marco Martin
Browse files

Make sure device paths are quoted

in the case a vfat removable device has $() or `` in its label,
such as $(touch foo) the quoted command may get executed,
leaving an attack vector. Use KMacroExpander::expandMacrosShellQuote
to make sure everything is quoted and not interpreted as a command

parent fc9b8df0
......@@ -158,7 +158,7 @@ void DelayedExecutor::delayedExecute(const QString &udi)
QString exec = m_service.exec();
MacroExpander mx(device);
KRun::runCommand(exec, QString(), m_service.icon(), 0);
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment