head 1.2; access; symbols pkgsrc-2013Q2:1.2.0.8 pkgsrc-2013Q2-base:1.2 pkgsrc-2012Q4:1.2.0.6 pkgsrc-2012Q4-base:1.2 pkgsrc-2011Q4:1.2.0.4 pkgsrc-2011Q4-base:1.2 pkgsrc-2011Q2:1.2.0.2 pkgsrc-2011Q2-base:1.2; locks; strict; comment @# @; 1.2 date 2011.04.05.12.05.01; author wiz; state dead; branches; next 1.1; 1.1 date 2011.04.05.09.13.43; author wiz; state Exp; branches; next ; desc @@ 1.2 log @The syntax doesn't work on most shells, remove the patches again until they're fixed properly. Reported by drochner. Bump PKGREVISION. @ text @$NetBSD: patch-aa,v 1.1 2011/04/05 09:13:43 wiz Exp $ 2008-01-24 Kevin Krammer * Fixing security issue in xdg-email and xdg-open at replacing parameter in $BROWSER diff --git a/scripts/xdg-email b/scripts/xdg-email index 87f0fc0..3b07f5d 100755 --- a/scripts/xdg-email +++ ./scripts/xdg-email @@@@ -435,7 +435,8 @@@@ open_generic() for browser in $BROWSER; do if [ x"$browser" != x"" ]; then - browser_with_arg=`echo "$browser" | sed s#%s#"$1"#` + IFS=' ' + browser_with_arg=${browser//'%s'/"$1"} if [ x"$browser_with_arg" = x"$browser" ]; then "$browser" "$1"; else $browser_with_arg; @@@@ -495,7 +496,7 @@@@ while [ $# -gt 0 ] ; do exit_failure_syntax "email address argument missing for --to" fi url_encode "$1" - options="${options}to=${result}&" + options="${options}to=${result}&" shift ;; @@@@ -531,7 +532,7 @@@@ while [ $# -gt 0 ] ; do exit_failure_syntax "text argument missing for --body option" fi url_encode "$1" - options="${options}body=${result}&" + options="${options}body=${result}&" shift ;; @@@@ -575,7 +576,7 @@@@ done if [ -z "${mailto}" ] ; then # TO address is optional - mailto="mailto:?" + mailto="mailto:?" fi case $mailto in @ 1.1 log @Fix CVE-2008-0386 using patch from upstream repository. Patch created by Makoto Fujiwara. Bump PKGREVISION, set LICENSE. @ text @d1 1 a1 1 $NetBSD$ @