diff options
| author | Jan Pokorný <jpokorny@redhat.com> | 2013-07-24 17:05:44 +0200 |
|---|---|---|
| committer | Jan Pokorný <jpokorny@redhat.com> | 2013-07-24 17:08:57 +0200 |
| commit | a33895924f5fca5555f5c789a1c53ef860c7db48 (patch) | |
| tree | 0390dddd76ec4cece7e07173a00d902d301429c2 | |
| parent | 6c11f70931903647cf5856c86b7c5aa40f1cebb1 (diff) | |
| download | irssi-notify-a33895924f5fca5555f5c789a1c53ef860c7db48.tar.gz irssi-notify-a33895924f5fca5555f5c789a1c53ef860c7db48.tar.xz irssi-notify-a33895924f5fca5555f5c789a1c53ef860c7db48.zip | |
Prevent shell injection by escaping backticks + dollar sign
Signed-off-by: Jan Pokorný <jpokorny@redhat.com>
| -rw-r--r-- | notify.pl | 8 |
1 files changed, 5 insertions, 3 deletions
@@ -10,14 +10,14 @@ use Irssi; use vars qw($VERSION %IRSSI); use HTML::Entities; -$VERSION = "0.01"; +$VERSION = "0.01_jpokorny"; %IRSSI = ( - authors => 'Luke Macken, Paul W. Frields', + authors => 'Luke Macken, Paul W. Frields (+ minor ad-hoc tweaking by Jan Pokorny)', contact => 'lewk@csh.rit.edu, stickster@gmail.com', name => 'notify.pl', description => 'Use libnotify to alert user to hilighted messages', license => 'GNU General Public License', - url => 'http://lewk.org/log/code/irssi-notify', + url => 'http://fedorapeople.org/cgit/jpokorny/public_git/irssi-notify.git', ); Irssi::settings_add_str('notify', 'notify_icon', 'gtk-dialog-info'); @@ -25,6 +25,8 @@ Irssi::settings_add_str('notify', 'notify_time', '5000'); sub sanitize { my ($text) = @_; + $text =~ s/`/\\`/g; + $text =~ s/\$/\\\$/g; encode_entities($text); return $text; } |