[Github-comments] [geany/geany] Geany's context again (#1836)

elextr notifications at xxxxx
Sat Apr 21 10:06:44 UTC 2018


@aplsimple please use a recognised format like diff.  Its not clear what you are actually doing, but it appears that the only change is the addition of a call to `build_replace_placeholder()`.  If thats what you wanted why didn't you just say so instead of a novel nobody read?

Also note I think you have a memory leak because you don't free the strdup of command anywhere.

If you correct that and make a proper pull request with the manual documentation matching the change you might have a chance of the change being accepted.

@LarsGit223 certainly if the user set the command setting to `%s` it will run the selection, but thats the case now, and nowhere does Geany attempt to sanitise commands that result from substitution of placeholders into command strings set by users, and nor should it.  Even if the command was set to the totally innocuous `echo %s`, a user could select `; rm -rf /` and be in trouble :grin:


-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/geany/geany/issues/1836#issuecomment-383282829
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.geany.org/pipermail/github-comments/attachments/20180421/8965ddc6/attachment.html>


More information about the Github-comments mailing list