diff options
| author | Sebastien Helleu <flashcode@flashtux.org> | 2014-03-17 14:59:00 +0100 |
|---|---|---|
| committer | Sebastien Helleu <flashcode@flashtux.org> | 2014-03-17 14:59:00 +0100 |
| commit | 30de830982f127c538602f05f4c9eb32d5f991cf (patch) | |
| tree | 11efa828a77f50f5a405e9a5a8052a48f417dd43 /src | |
| parent | e84eaafe8e56c359f95db0d19a13c5ca6fad9468 (diff) | |
| download | weechat-30de830982f127c538602f05f4c9eb32d5f991cf.zip | |
exec: don't use shell by default when executing commands (for security reasons)
It is possible to force shell by default with this command:
/set exec.command.default_options "-sh"
Diffstat (limited to 'src')
| -rw-r--r-- | src/plugins/exec/exec-command.c | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/src/plugins/exec/exec-command.c b/src/plugins/exec/exec-command.c index 441ed1926..f46419203 100644 --- a/src/plugins/exec/exec-command.c +++ b/src/plugins/exec/exec-command.c @@ -381,7 +381,7 @@ exec_command_run (struct t_gui_buffer *buffer, /* parse command options */ cmd_options.command_index = -1; - cmd_options.use_shell = 1; + cmd_options.use_shell = 0; cmd_options.detached = 0; cmd_options.pipe_stdin = 0; cmd_options.timeout = 0; @@ -764,10 +764,11 @@ exec_command_init () " || -set <id> <property> <value>" " || -del <id>|-all [<id>...]"), N_(" -list: list commands\n" - " -sh: use the shell to execute the command (default)\n" + " -sh: use the shell to execute the command (WARNING: use this " + "option ONLY if all arguments are safe date, see option -nosh)\n" " -nosh: do not use the shell to execute the command (required if " "the command has some unsafe data, for example the content of a " - "message from another user)\n" + "message from another user) (default)\n" " -bg: run process in background: do not display process output " "neither return code (not compatible with options -o/-n)\n" " -nobg: catch process output and display return code (default)\n" |