[Xapian-tickets] [Xapian] #762: Windows file select helper
Xapian
nobody at xapian.org
Tue Jun 5 00:17:01 BST 2018
#762: Windows file select helper
-------------------------+-------------------------
Reporter: darius | Owner: olly
Type: enhancement | Status: new
Priority: normal | Milestone:
Component: Other | Version:
Severity: normal | Resolution:
Keywords: | Blocked By:
Blocking: | Operating System: All
-------------------------+-------------------------
Comment (by olly):
{{{
$filename = $prefix + $uri.LocalPath -replace "/", "\"
[...]
Start-Process -FilePath $explorer -ArgumentList "/select, ""$filename"""
}}}
I'm not familiar with this scripting language, but is the quoting of
`$filename` here safe?
E.g. if an attacker tricks a user into clicking on a URL which contains
double quotes, e.g. something like `omegalink:foo%22%20evil%20%22`. Maybe
you can't cause explorer to do anything nasty even if you can break out of
the quotes though.
> I was also wondering about writing a Wiki article but I can't see how to
> create a page :)
We disabled WIKI_CREATE permission by default as it was getting abused by
spammers and isn't something that random users usually want to do. We're
happy to enable it on request from legitimate users though (I've added you
to the whitelist).
--
Ticket URL: <https://trac.xapian.org/ticket/762#comment:1>
Xapian <https://xapian.org/>
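
The quoting question raised in the comment above, as an added example (not part of the ticket, and not the reporter's script or Xapian code): it percent-decodes the link, refuses any result containing a double quote or control character, and only then builds the `/select,` argument the way the quoted snippet does. The function name `ConvertTo-SelectArgument`, the `C:\data\` prefix, the scheme-stripping regex and the benign sample link are assumptions made for illustration.

```powershell
# Added example; function name, prefix and the benign sample link are constructed.
function ConvertTo-SelectArgument {
    param(
        [Parameter(Mandatory)] [string] $Link,
        [Parameter(Mandatory)] [string] $Prefix
    )

    # Take everything after the scheme and percent-decode it.
    # This is the step where %22 turns into a literal double quote.
    $m = [regex]::Match($Link, '^omegalink:(.*)$')
    if (-not $m.Success) { throw "not an omegalink URL" }
    $decoded  = [System.Uri]::UnescapeDataString($m.Groups[1].Value)
    $filename = ($Prefix + $decoded) -replace '/', '\'

    # A double quote or control character can never be part of a Windows file
    # name, so refuse the link instead of trying to escape it.
    if ($filename -match '["\x00-\x1f]') {
        throw "decoded path contains a quote or control character"
    }

    # Same composition as the ticket's script; $filename now contains no
    # quote that could close the quoted region early.
    return "/select, ""$filename"""
}

# Constructed inputs: a benign link and the one from the comment above.
$samples = 'omegalink:docs/report%20final.txt', 'omegalink:foo%22%20evil%20%22'
foreach ($link in $samples) {
    try {
        $argument = ConvertTo-SelectArgument -Link $link -Prefix 'C:\data\'
        Write-Output "accepted  $link  ->  $argument"
        # Start-Process -FilePath $explorer -ArgumentList $argument
    } catch {
        Write-Output "rejected  $link  ($($_.Exception.Message))"
    }
}
```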