EDITOR may contain shell code, so exec a shell to run it
This commit is contained in:
parent
c2c0659bc8
commit
dca812bd27
@ -363,6 +363,7 @@ editperm(MYSQL *pmysql, const char *db)
|
||||
char fn[] = "/tmp/mysql-dbadm.tmp.XXXXXX";
|
||||
FILE *f;
|
||||
char *editor;
|
||||
char *cmd;
|
||||
char line[1024]; /* buffer to hold one line */
|
||||
char *cp; /* used to interate through a line */
|
||||
char *user, *select_priv, *insert_priv, *update_priv, *delete_priv,
|
||||
@ -418,7 +419,11 @@ editperm(MYSQL *pmysql, const char *db)
|
||||
if (!editor)
|
||||
editor = "pico"; /* OK since editor won't be freed */
|
||||
|
||||
execlp(editor, editor, fn, NULL);
|
||||
cmd = malloc(sizeof(char) * strlen(editor) + 7);
|
||||
sprintf(cmd, "%s \"$1\"", editor);
|
||||
|
||||
/* sh -c '$EDITOR "$1"' sh "$fn" */
|
||||
execlp("sh", "sh", "-c", cmd, "sh", fn, NULL);
|
||||
perror("Failed to execute editor");
|
||||
fprintf(stderr, "Make sure the EDITOR environment variable contains"
|
||||
" a valid editor\n");
|
||||
|
Loading…
Reference in New Issue
Block a user