File xdg-open-fix-CVE-2014-9622.diff of Package xdg-utils.7563
Index: xdg-utils-20140630/scripts/xdg-open.in
===================================================================
--- xdg-utils-20140630.orig/scripts/xdg-open.in
+++ xdg-utils-20140630/scripts/xdg-open.in
@@ -183,17 +183,17 @@ search_desktop_file()
# FIXME: Actually LC_MESSAGES should be used as described in
# http://standards.freedesktop.org/desktop-entry-spec/latest/ar01s04.html
localised_name="'$(get_key "${file}" "Name")'"
- arguments_exec="$(echo "$arguments" | sed -e 's*%[fFuU]*"'"$arg_one"'"*g' \
+ arguments_exec="$(echo "$arguments" | sed -e 's*%[fFuU]*'"$arg_one"'*g' \
-e 's*%i*'"$icon"'*g' \
-e 's*%c*'"$localised_name"'*g')"
if [ -x "$command_exec" ] ; then
if echo "$arguments" | grep -iq '%[fFuU]' ; then
echo START "$command_exec" "$arguments_exec"
- eval "$command_exec" "$arguments_exec"
+ eval "'$command_exec'" "'$arguments_exec'"
else
echo START "$command_exec" "$arguments_exec" "$arg"
- eval "$command_exec" "$arguments_exec" "$arg"
+ eval "'$command_exec'" "'$arguments_exec'" "'$arg'"
fi
if [ $? -eq 0 ]; then
