]> granicus.if.org Git - imagemagick/commitdiff
projects / imagemagick / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: cd2f152)
Added '(' and ')' to the whitelist of SanitizeSystemCommand.
authordirk <dirk@git.imagemagick.org>
Sat, 11 Oct 2014 19:13:34 +0000 (19:13 +0000)
committerdirk <dirk@git.imagemagick.org>
Sat, 11 Oct 2014 19:13:34 +0000 (19:13 +0000)
Removed SanitizeDelegateCommand because this is already done by SystemCommand.

MagickCore/delegate.c patch | blob | history
MagickCore/utility.c patch | blob | history

diff --git a/MagickCore/delegate.c b/MagickCore/delegate.c
index d355fa62d5ced7abe52b54a5942559c53acf2e54..9f166d607a674d3395231caffd1d6989d717de5e 100644 (file)
--- a/MagickCore/delegate.c
+++ b/MagickCore/delegate.c
@@ -893,30 +893,6 @@ static MagickBooleanType CopyDelegateFile(const char *source,
   return(IsMagickTrue(i!=0));
 }
 
-static char *SanitizeDelegateCommand(const char *command)
-{
-  char
-    *sanitize_command;
-
-  const char
-    *q;
-
-  register char
-    *p;
-
-  static char
-    whitelist[] =
-      "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789_- "
-      ".@&;<>|/\\\'\":%=~";
-
-  sanitize_command=AcquireString(command);
-  p=sanitize_command;
-  q=sanitize_command+strlen(sanitize_command);
-  for (p+=strspn(p,whitelist); p != q; p+=strspn(p,whitelist))
-    *p='_';
-  return(sanitize_command);
-}
-
 MagickExport MagickBooleanType InvokeDelegate(ImageInfo *image_info,
   Image *image,const char *decode,const char *encode,ExceptionInfo *exception)
 {
@@ -1120,16 +1096,11 @@ MagickExport MagickBooleanType InvokeDelegate(ImageInfo *image_info,
     command=InterpretImageProperties(image_info,image,commands[i],exception);
     if (command != (char *) NULL)
       {
-        char
-          *sanitize_command;
-
         /*
           Execute delegate.
         */
-        sanitize_command=SanitizeDelegateCommand(command);
         status=IsMagickTrue(SystemCommand(delegate_info->spawn,
-          image_info->verbose,sanitize_command,exception) != 0);
-        sanitize_command=DestroyString(sanitize_command);
+          image_info->verbose,command,exception) != 0);
         if (IfMagickTrue(delegate_info->spawn))
           {
             ssize_t
diff --git a/MagickCore/utility.c b/MagickCore/utility.c
index a8b280763be8c74d77424194947e53281aba8de4..a88d00327f0debbd3df47564b952fc9148220468 100644 (file)
--- a/MagickCore/utility.c
+++ b/MagickCore/utility.c
@@ -1932,7 +1932,7 @@ static char *SanitizeSystemCommand(const char *command)
   static char
     whitelist[] = 
       "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789_- "
-      ".@&;<>|/\\\'\":%=~";
+      ".@&;<>()|/\\\'\":%=~";
 
   sanitize_command=AcquireString(command);
   p=sanitize_command;
Unnamed repository; edit this file 'description' to name the repository.