GNU bug report logs - #7166
browse-url-xdg-open does not escape shell meta-characters

Previous Next

Package: emacs;

Reported by: Ken Hori <fplemma <at> gmail.com>

Date: Wed, 6 Oct 2010 13:27:02 UTC

Severity: normal

Done: Glenn Morris <rgm <at> gnu.org>

Bug is archived. No further changes may be made.

To add a comment to this bug, you must first unarchive it, by sending
a message to control AT debbugs.gnu.org, with unarchive 7166 in the body.
You can then email your comments to 7166 AT debbugs.gnu.org in the normal way.

Toggle the display of automated, internal messages from the tracker.

View this report as an mbox folder, status mbox, maintainer mbox

Report forwarded to owner <at> debbugs.gnu.org, bug-gnu-emacs <at> gnu.org:
bug#7166; Package emacs. (Wed, 06 Oct 2010 13:27:02 GMT) Full text and rfc822 format available.
Acknowledgement sent to Ken Hori <fplemma <at> gmail.com>:
New bug report received and forwarded. Copy sent to bug-gnu-emacs <at> gnu.org. (Wed, 06 Oct 2010 13:27:02 GMT) Full text and rfc822 format available.

Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):

From: Ken Hori <fplemma <at> gmail.com>
To: bug-gnu-emacs <at> gnu.org
Subject: browse-url truncates the given url after an '&'
Date: Wed, 6 Oct 2010 06:26:39 -0700

Observed emacs-version:
GNU Emacs 24.0.50.1 (x86_64-unknown-linux-gnu, GTK+ Version 2.20.1)
 of 2010-10-06
Information forwarded to owner <at> debbugs.gnu.org, bug-gnu-emacs <at> gnu.org:
bug#7166; Package emacs. (Wed, 06 Oct 2010 17:30:03 GMT) Full text and rfc822 format available.

Message #8 received at 7166 <at> debbugs.gnu.org (full text, mbox):

From: Glenn Morris <rgm <at> gnu.org>
To: Ken Hori <fplemma <at> gmail.com>
Cc: 7166 <at> debbugs.gnu.org
Subject: Re: bug#7166: browse-url truncates the given url after an '&'
Date: Wed, 06 Oct 2010 13:32:13 -0400

Ken Hori wrote:

> Observed emacs-version:
> GNU Emacs 24.0.50.1 (x86_64-unknown-linux-gnu, GTK+ Version 2.20.1)
>  of 2010-10-06

Please. Give. Details.

emacs -Q
(browse-url "http://www.google.com/search?hl=en&q=emacs&lr=lang_en")

works for me in 23.2 and the current trunk.
Information forwarded to owner <at> debbugs.gnu.org, bug-gnu-emacs <at> gnu.org:
bug#7166; Package emacs. (Thu, 07 Oct 2010 05:34:01 GMT) Full text and rfc822 format available.

Message #11 received at 7166 <at> debbugs.gnu.org (full text, mbox):

From: Ken Hori <fplemma <at> gmail.com>
To: Glenn Morris <rgm <at> gnu.org>
Cc: 7166 <at> debbugs.gnu.org
Subject: Re: bug#7166: browse-url truncates the given url after an '&'
Date: Wed, 6 Oct 2010 22:36:19 -0700

Details:

$ ./src/emacs -Q

(browse-url "http://www.google.com/search?hl=en&lr=lang_en&q=emacs")
=> 0

After you evaluate it, you'll get redirected to
http://www.google.com/webhp?hl=en on your primary browser because, I assume,
the original URI was somehow truncated or modified (haven't verified which).

If you type in http://www.google.com/search?hl=en&lr=lang_en&q=emacs manually,
you'll get the expected SRP.

VERSION:

GNU Emacs 24.0.50.1 (x86_64-unknown-linux-gnu, GTK+ Version 2.20.1)
 of 2010-10-06


On Wed, Oct 6, 2010 at 10:32 AM, Glenn Morris <rgm <at> gnu.org> wrote:
> Ken Hori wrote:
>
>> Observed emacs-version:
>> GNU Emacs 24.0.50.1 (x86_64-unknown-linux-gnu, GTK+ Version 2.20.1)
>>  of 2010-10-06
>
> Please. Give. Details.
>
> emacs -Q
> (browse-url "http://www.google.com/search?hl=en&q=emacs&lr=lang_en")
>
> works for me in 23.2 and the current trunk.
>
Information forwarded to owner <at> debbugs.gnu.org, bug-gnu-emacs <at> gnu.org:
bug#7166; Package emacs. (Thu, 07 Oct 2010 18:09:02 GMT) Full text and rfc822 format available.

Message #14 received at 7166 <at> debbugs.gnu.org (full text, mbox):

From: Glenn Morris <rgm <at> gnu.org>
To: Ken Hori <fplemma <at> gmail.com>
Cc: Jan Djärv <jan.h.d <at> swipnet.se>, 7166 <at> debbugs.gnu.org
Subject: Re: bug#7166: browse-url truncates the given url after an '&'
Date: Thu, 07 Oct 2010 14:11:23 -0400

Ken Hori wrote:

> $ ./src/emacs -Q
>
> (browse-url "http://www.google.com/search?hl=en&lr=lang_en&q=emacs")

Works for me.

By experiment, this is a bug in browse-url-xdg-open, which I don't use.
Information forwarded to owner <at> debbugs.gnu.org, bug-gnu-emacs <at> gnu.org:
bug#7166; Package emacs. (Thu, 07 Oct 2010 18:33:01 GMT) Full text and rfc822 format available.

Message #17 received at 7166 <at> debbugs.gnu.org (full text, mbox):

From: Glenn Morris <rgm <at> gnu.org>
To: Ken Hori <fplemma <at> gmail.com>, 7166 <at> debbugs.gnu.org,
	Jan Djärv <jan.h.d <at> swipnet.se>
Subject: Re: bug#7166: browse-url truncates the given url after an '&'
Date: Thu, 7 Oct 2010 14:35:17 -0400

I guess this might fix it:

*** lisp/net/browse-url.el	2010-09-23 06:42:45 +0000
--- lisp/net/browse-url.el	2010-10-07 18:28:31 +0000
***************
*** 939,945 ****
    (interactive (browse-url-interactive-arg "URL: "))
    (call-process "/bin/sh" nil nil nil
  		"-c"
! 		(concat "nohup xdg-open " url
  			">/dev/null 2>&1 </dev/null")))
  
  ;;;###autoload
--- 939,945 ----
    (interactive (browse-url-interactive-arg "URL: "))
    (call-process "/bin/sh" nil nil nil
  		"-c"
! 		(concat "nohup xdg-open " (shell-quote-argument url)
  			">/dev/null 2>&1 </dev/null")))
  
  ;;;###autoload
Information forwarded to owner <at> debbugs.gnu.org, bug-gnu-emacs <at> gnu.org:
bug#7166; Package emacs. (Fri, 08 Oct 2010 04:18:02 GMT) Full text and rfc822 format available.

Message #20 received at 7166 <at> debbugs.gnu.org (full text, mbox):

From: Ken Hori <fplemma <at> gmail.com>
To: Glenn Morris <rgm <at> gnu.org>
Cc: Jan Djärv <jan.h.d <at> swipnet.se>, 7166 <at> debbugs.gnu.org
Subject: Re: bug#7166: browse-url truncates the given url after an '&'
Date: Thu, 7 Oct 2010 21:21:11 -0700

The diff did it. Thanks for the fix.

On Thu, Oct 7, 2010 at 11:35 AM, Glenn Morris <rgm <at> gnu.org> wrote:
>
> I guess this might fix it:
>
> *** lisp/net/browse-url.el      2010-09-23 06:42:45 +0000
> --- lisp/net/browse-url.el      2010-10-07 18:28:31 +0000
> ***************
> *** 939,945 ****
>    (interactive (browse-url-interactive-arg "URL: "))
>    (call-process "/bin/sh" nil nil nil
>                "-c"
> !               (concat "nohup xdg-open " url
>                        ">/dev/null 2>&1 </dev/null")))
>
>  ;;;###autoload
> --- 939,945 ----
>    (interactive (browse-url-interactive-arg "URL: "))
>    (call-process "/bin/sh" nil nil nil
>                "-c"
> !               (concat "nohup xdg-open " (shell-quote-argument url)
>                        ">/dev/null 2>&1 </dev/null")))
>
>  ;;;###autoload
>
>
bug closed, send any further explanations to Ken Hori <fplemma <at> gmail.com> Request was from Glenn Morris <rgm <at> gnu.org> to control <at> debbugs.gnu.org. (Fri, 08 Oct 2010 04:24:01 GMT) Full text and rfc822 format available.
Information forwarded to owner <at> debbugs.gnu.org, bug-gnu-emacs <at> gnu.org:
bug#7166; Package emacs. (Fri, 08 Oct 2010 17:22:02 GMT) Full text and rfc822 format available.

Message #25 received at 7166 <at> debbugs.gnu.org (full text, mbox):

From: Andreas Schwab <schwab <at> linux-m68k.org>
To: Glenn Morris <rgm <at> gnu.org>
Cc: Ken Hori <fplemma <at> gmail.com>, Jan Djärv <jan.h.d <at> swipnet.se>, 7166 <at> debbugs.gnu.org
Subject: Re: bug#7166: browse-url truncates the given url after an '&'
Date: Fri, 08 Oct 2010 19:24:55 +0200

Glenn Morris <rgm <at> gnu.org> writes:

> I guess this might fix it:
>
> *** lisp/net/browse-url.el	2010-09-23 06:42:45 +0000
> --- lisp/net/browse-url.el	2010-10-07 18:28:31 +0000
> ***************
> *** 939,945 ****
>     (interactive (browse-url-interactive-arg "URL: "))
>     (call-process "/bin/sh" nil nil nil
>   		"-c"
> ! 		(concat "nohup xdg-open " url
>   			">/dev/null 2>&1 </dev/null")))
>   
>   ;;;###autoload
> --- 939,945 ----
>     (interactive (browse-url-interactive-arg "URL: "))
>     (call-process "/bin/sh" nil nil nil
>   		"-c"
> ! 		(concat "nohup xdg-open " (shell-quote-argument url)
>   			">/dev/null 2>&1 </dev/null")))
>   
>   ;;;###autoload

The use of /bin/sh is completely unnecessary.  The nil for infile and
buffer are already equivalent to the explicit redirections.

Andreas.

-- 
Andreas Schwab, schwab <at> linux-m68k.org
GPG Key fingerprint = 58CA 54C7 6D53 942B 1756  01D3 44D5 214B 8276 4ED5
"And now for something completely different."
bug archived. Request was from Debbugs Internal Request <help-debbugs <at> gnu.org> to internal_control <at> debbugs.gnu.org. (Sat, 06 Nov 2010 11:24:04 GMT) Full text and rfc822 format available.
This bug report was last modified 14 years and 231 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.