| Improved patch to fix CVE-2007-5837 - remote code injection. |
| See Gentoo bug #197660 and #378413. |
| |
| --- yarssr-0.2.2/lib/Yarssr/GUI.pm |
| +++ yarssr-0.2.2/lib/Yarssr/GUI.pm |
| @@ -163,8 +163,15 @@ |
| } |
| else { |
| my $b = Yarssr::Config->get_browser; |
| - $b .= " \"$url\"" unless $b =~ s/\%s/"$url"/; |
| - exec($b) or warn "unable to launch browser\n"; |
| + my @b = split(' ', Yarssr::Config->get_browser); |
| + if (grep(/\%s/, @b)) |
| + { |
| + map {grep(s/\%s/$url/, $_) => $_} @b; |
| + } |
| + else { |
| + push(@b, $url); |
| + } |
| + exec(@b) or warn "unable to launch browser\n"; |
| exit; |
| } |
| } |
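Review bot: `exec(@b)` bypasses the shell only when `@b` holds more than one element; if the configured browser string is empty, or is a single token containing `%s`, the list ends up one element long and Perl passes it to the shell whenever it contains metacharacters, so the feed-supplied `$url` can still be shell-parsed. The indirect-object form `exec { $b[0] } @b or warn "unable to launch browser\n";` forces list semantics at any length, and it should be preceded by an explicit check that `@b` is non-empty. The `map {grep(...) => $_} @b;` line runs in void context purely for its side effect and reads more clearly as `s/\%s/$url/ for @b;`, and the context line `my $b = Yarssr::Config->get_browser;` is now unused. Since `$url` becomes a bare argument, it would also be worth rejecting values that do not start with `http://` or `https://`, because a value beginning with `-` would presumably be read by the browser as an option. The enclosing sub starts outside this hunk, so whether `$url` is validated earlier cannot be confirmed from here.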