On 12/07/2009 06:13 PM, Uwe Stöhr wrote:
rgheck schrieb:
Again out of curiosity, what is the mechanism (cross-platform) for this?
When you double click in a file explorer on a JPG file a program is
opened showing the JPG. This
works on all platforms. The "auto" setting does nothing special, but
simply call e.g.
test.jpg
The OS does the rest. So this is the same as if you would have clicked
on the image file in a file
explorer.
This is wrong. Windows Explorer has the "ability" to "run" any sort of
file. So if you click on a jpeg, it'll happily try to run it, and under
the right circumstances will launch a jpeg viewer. On the other hand, if
the file happens to be an executable, Windows will sometimes REALLY run
it, which is one of the biggest security holes in Windows. It's the one
crackers exploit when they send viruses in email that are disguised as
images.
Linux, on the other hand, enforces a distinction between executables and
other sorts of files, so it does not just run anything you throw at it.
Thus, I get:
Systemcall.cpp(111): QProcess %s
"/tmp/lyx_tmpdir.MT5657/lyx_tmpbuf0/r.rtf" did not start!
Systemcall.cpp(112): error The process failed to start. Either the
invoked program is missing, or you may have insufficient permissions to
invoke the program.
Error: Cannot view file
----------------------------------------
An error occurred whilst running %s
"/tmp/lyx_tmpdir.MT5657/lyx_tmpbuf0/r.rtf"
So this just fails on Linux and, I'd assume, OSX, too.
If you want to introduce such support for doc, rtf, etc, then you should
do it the way we handle dia, xfig, and the like. We should check for a
"real" viewer, such as OpenOffice, Word, or whatever, and if we don't
find one then it just defaults to "auto". The same for WMF and EMF. If
you don't like that, then you should at least replace the "%s" in the
lines you changed with "auto". As it is now, I think we have a very big
security hole.
Actually, I'd like someone to explain to me whether we don't already
have one. Suppose I send someone a LyX file together with an executable
virus, disguised as a WMF, and then attempt to view or edit it from
inside LyX. Can't this cause that file to be executed, thus infecting
the user's system? If so, then "auto" should be disabled on Windows, or
maybe just removed altogether, since it only works on Windows at present.
rh
