diff --git a/src/qtgui/rclmain_w.cpp b/src/qtgui/rclmain_w.cpp index 2ad8e647..e834aae5 100644 --- a/src/qtgui/rclmain_w.cpp +++ b/src/qtgui/rclmain_w.cpp @@ -1,5 +1,5 @@ #ifndef lint -static char rcsid[] = "@(#$Id: rclmain_w.cpp,v 1.12 2006-12-05 15:23:50 dockes Exp $ (C) 2005 J.F.Dockes"; +static char rcsid[] = "@(#$Id: rclmain_w.cpp,v 1.13 2006-12-07 07:07:35 dockes Exp $ (C) 2005 J.F.Dockes"; #endif /* * This program is free software; you can redistribute it and/or modify @@ -662,12 +662,13 @@ void RclMain::startNativeViewer(int docnum) string fn = urltolocalpath(doc.url); string url = url_encode(doc.url, 7); - + string ipath = doc.ipath; // Substitute %u (url) and %f (file name) inside prototype command string ncmd; map subs; - subs['u'] = string("'") + url + "'"; - subs['f'] = string("'") + fn + "'"; + subs['u'] = escapeShell(url); + subs['f'] = escapeShell(fn); + subs['i'] = escapeShell(ipath); pcSubst(cmd, ncmd, subs); ncmd += " &"; diff --git a/src/utils/mimeparse.h b/src/utils/mimeparse.h index 014f792f..60331740 100644 --- a/src/utils/mimeparse.h +++ b/src/utils/mimeparse.h @@ -16,7 +16,7 @@ */ #ifndef _MIME_H_INCLUDED_ #define _MIME_H_INCLUDED_ -/* @(#$Id: mimeparse.h,v 1.9 2006-09-22 07:42:55 dockes Exp $ (C) 2004 J.F.Dockes */ +/* @(#$Id: mimeparse.h,v 1.10 2006-12-07 07:07:18 dockes Exp $ (C) 2004 J.F.Dockes */ /* Mime definitions RFC to 4-9-2006: @@ -73,9 +73,12 @@ class MimeHeaderValue { */ extern bool parseMimeHeaderValue(const string& in, MimeHeaderValue& psd); -/** Quoted printable decoding. Doubles up as rfc2231 decoder, hence the esc */ -extern bool qp_decode(const string& in, string &out, - char esc = '='); +/** + * Quoted printable decoding. Doubles up as rfc2231 decoder, hence the esc + * RFC2045 Quoted printable uses '=' , rfc2331 uses '%'. The two encodings are + * otherwise similar. + */ +extern bool qp_decode(const string& in, string &out, char esc = '='); /** Decode an Internet mail field value encoded according to rfc2047 * diff --git a/src/utils/smallut.cpp b/src/utils/smallut.cpp index 2b15991f..eecb103a 100644 --- a/src/utils/smallut.cpp +++ b/src/utils/smallut.cpp @@ -1,5 +1,5 @@ #ifndef lint -static char rcsid[] = "@(#$Id: smallut.cpp,v 1.19 2006-11-30 13:38:44 dockes Exp $ (C) 2004 J.F.Dockes"; +static char rcsid[] = "@(#$Id: smallut.cpp,v 1.20 2006-12-07 07:07:18 dockes Exp $ (C) 2004 J.F.Dockes"; #endif /* * This program is free software; you can redistribute it and/or modify @@ -403,6 +403,36 @@ string escapeHtml(const string &in) return out; } +string escapeShell(const string &in) +{ + string out; + out += "\""; + for (string::size_type pos = 0; pos < in.length(); pos++) { + switch(in.at(pos)) { + case '$': + out += "\\$"; + break; + case '`': + out += "\\`"; + break; + case '"': + out += "\\\""; + break; + case '\n': + out += "\\\n"; + break; + case '\\': + out += "\\\\"; + break; + default: + out += in.at(pos); + } + } + out += "\""; + return out; +} + + // Small utility to substitute printf-like percents cmds in a string bool pcSubst(const string& in, string& out, map& subs) { diff --git a/src/utils/smallut.h b/src/utils/smallut.h index 64d4b3d3..351b9364 100644 --- a/src/utils/smallut.h +++ b/src/utils/smallut.h @@ -16,7 +16,7 @@ */ #ifndef _SMALLUT_H_INCLUDED_ #define _SMALLUT_H_INCLUDED_ -/* @(#$Id: smallut.h,v 1.19 2006-11-13 11:59:11 dockes Exp $ (C) 2004 J.F.Dockes */ +/* @(#$Id: smallut.h,v 1.20 2006-12-07 07:07:18 dockes Exp $ (C) 2004 J.F.Dockes */ #include #include #include @@ -65,6 +65,10 @@ extern string escapeHtml(const string &in); * so chars should only contain ascii */ extern string neutchars(const string &str, string chars); +/** turn string into something that won't be expanded by a shell. In practise + * quote with single-quotes and escape internal singlequotes */ +extern string escapeShell(const string &str); + /** Truncate a string to a given maxlength, avoiding cutting off midword * if reasonably possible. */ extern string truncate_to_word(string &input, string::size_type maxlen);