mirror of https://git.savannah.gnu.org/git/emacs/org-mode.git synced 2025-01-30 20:41:41 +00:00

* lisp/ob-latex.el: Fix command injection vulnerability

(org-babel-execute:latex):
Replaced the `(shell-command "mv BAR NEWBAR")' with `rename-file'.

TINYCHANGE
Xi Lu 2023-03-11 18:53:37 +08:00 committed by Ihor Radchenko
parent dd25e2704f
commit a8006ea580
No known key found for this signature in database
GPG Key ID: 6470762A7DA11D8B


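--- a/lisp/ob-latex.el
+++ b/lisp/ob-latex.el
@@ -218,17 +218,14 @@ This function is called by `org-babel-execute-src-block'."
 (if (string-suffix-p ".svg" out-file)
 (progn
 (shell-command "pwd")
-(shell-command (format "mv %s %s"
-(concat (file-name-sans-extension tex-file) "-1.svg")
-out-file)))
+(rename-file (concat (file-name-sans-extension tex-file) "-1.svg")
+out-file t))
 (error "SVG file produced but HTML file requested")))
 ((file-exists-p (concat (file-name-sans-extension tex-file) ".html"))
 (if (string-suffix-p ".html" out-file)
-(shell-command "mv %s %s"
-(concat (file-name-sans-extension tex-file)
-".html")
-out-file)
-(error "HTML file produced but SVG file requested")))))
+(rename-file (concat (file-name-sans-extension tex-file) ".html")
+out-file t)
+(error "HTML file produced but SVG file requested")))))
 ((or (string= "pdf" extension) imagemagick)
 (with-temp-file tex-file
 (require 'ox-latex)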
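Review bot: The `(shell-command "pwd")` call kept at the top of the `.svg` branch still spawns a shell for no visible purpose; its argument is a constant, so it is not injectable, but it reads like leftover debugging and is the only reason the `progn` is still needed. Dropping it would leave `(rename-file (concat (file-name-sans-extension tex-file) "-1.svg") out-file t)` as the whole then-branch. Both `rename-file` calls pass `t` for OK-IF-ALREADY-EXISTS, so an existing `out-file` is replaced without prompting, as `mv` did; a one-line comment such as `;; Overwrite OUT-FILE unconditionally, matching the previous mv behaviour.` would record that this is intended. `org-babel-execute:latex` starts and ends outside the lines shown, so any other `shell-command` calls in it that interpolate file names with `format` cannot be checked from here and would merit the same audit.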