Namazu-devel-ja(旧)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Do NOT use system() (Re: namazu/filter committed by baba)

From: SATOH Fumiyasu <fumiya@xxxxxxxxxxx>
Date: Thu, 25 Jul 2002 01:30:34 +0900
X-ml-name: namazu-devel-ja
X-mail-count: 02587
References: <20020724095303.758211041D@karin.namazu.org>

この system() 危険ではないですか?
ファイル名に「`rm -r *`」といったものが含まれている場合とか。

以前にも懸案として挙げましたが、system(), `` がシェルを呼び出して
しまう問題は、代わりに IPC::Run を利用すれば回避できるかもしれないです。
Debian なら libipc-run-perl がそれです。

At Wed, 24 Jul 2002 18:53:03 +0900 (JST),
Hajime BABA wrote:
> 
> Update of /storage/cvsroot/namazu/filter
> In directory karin:/storage/tmp/cvs-serv28430/filter
> 
> Modified Files:
> 	pdf.pl 
> Log Message:
> 2002-07-24  Hajime BABA  <baba@xxxxxxxxxxxxxxxx>
> 
>         * filter/pdf.pl: Added a routine which gets the author and the title.
> 
> 
> 
> 
> namazu/filter/pdf.pl 1.24 -> 1.25 (modified)
> http://cvs.namazu.org/namazu/filter/pdf.pl.diff?r1=1.24&r2=1.25
> 
> ===================================================================
> RCS file: namazu/filter/pdf.pl,v
> retrieving revision 1.24
> retrieving revision 1.25
> diff -u -r1.24 -r1.25
> --- pdf.pl	2002/03/15 07:19:09	1.24
> +++ pdf.pl	2002/07/24 09:53:03	1.25
> @@ -29,6 +29,7 @@
>  require 'gfilter.pl';
>  
>  my $pdfconvpath = undef;
> +my $pdfinfopath = undef;
>  my $pdfconvver = 0;
>  my $pdfconvarg = '';
>  
> @@ -38,6 +39,7 @@
>  
>  sub status() {
>      $pdfconvpath = util::checkcmd('pdftotext');
> +    $pdfinfopath = util::checkcmd('pdfinfo');
>      if (defined $pdfconvpath) {
>  	my $ret = `$pdfconvpath 2>&1`;
>  	if ($ret =~ /^pdftotext\s+version\s+([0-9]+\.[0-9]+)/) {
> @@ -109,6 +111,22 @@
>  	unless $fields->{'title'};
>      gfilter::show_filter_debug_info($cont, $weighted_str,
>  			   $fields, $headings);
> +
> +    if (defined $pdfinfopath) {
> +	my $tmpfile3 = util::tmpnam('NMZ.pdf3');
> +	system("$pdfinfopath $cfile > $tmpfile3");
> +	my $fh = util::efopen("< $tmpfile3");
> +	$$cont = util::readfile($fh);
> +	undef $fh;
> +	unlink($tmpfile3);
> +	if ($$cont =~ /Title: (.*)/) { # or /Subject: (.*)/
> +	    $fields->{'title'} = $1;
> +	}
> +	if ($$cont =~ /Author: (.*)/) {
> +	    $fields->{'author'} = $1;
> +	}
> +    }
> +
>      return undef;
>  }
>  
>

Follow-Ups:
- Re: Do NOT use system()
  - From: Hajime BABA
- Re: Do NOT use system() (Re: namazu/filter committed by baba)
  - From: NOKUBI Takatsugu

Prev by Date: Re: preparing to release 2.0.11
Next by Date: Re: preparing to release 2.0.11
Previous by thread: サマリーのハイライトと"「」" (namazu-bugs-ja#277)
Next by thread: Re: Do NOT use system() (Re: namazu/filter committed by baba)
Index(es):
- Date
- Thread