On 04/04/17 03:58, Holger Klemm wrote:
Am Sonntag, 2. April 2017, 23:27:03 CEST schrieb Tobias Ellinghaus:
Are there plans to move this into darktable's lua-repository on github?
Yes, why not, but I think we should wait for more translations and bug fixes
As with Holger's enfuse plugin, I think the filename handling needs to
be a bit more robust before it's ready for general use. As far as I can
tell, any file pathname with a double-quote, backtick or dollar symbol
in it (more likely in a directory component, but potentially in a
filename), will cause problems because they will get interpreted by
/bin/sh when you call dt.control.execute(). Escaping each pathname with
"\"" .. string.gsub(arg, "([\"\\`$])", "\\%1") .. "\""
should probably do the trick.
Note that this same kind of problem was fixed in ImageMagick last year,
accompanied by a fair bit of negative publicity. See
https://access.redhat.com/security/vulnerabilities/ImageTragick
https://arstechnica.com/security/2017/01/that-critical-imagetragick-bug-ars-warned-you-about-it-cost-facebook-40k/
cheers
David
--
David Houlder
da...@davidhoulder.com
http://davidhoulder.com
___________________________________________________________________________
darktable developer mailing list
to unsubscribe send a mail to darktable-dev+unsubscr...@lists.darktable.org
