authorJörg Thalheim <joerg@higgsboson.tk>2014-11-12 22:43:24 (GMT)
committerAdrian C. (anrxc) <anrxc@sysphere.org>2014-11-15 21:03:12 (GMT)
commit336ce9bbd7c620226d0ef01ba58c02be12f7b90e (patch)
tree5b0a621678799fcbb68add662b937087354989eb
parent50fd2334b6a720f798782f7690287b71642cb9a8 (diff)
downloadvicious-legacy-336ce9bbd7c620226d0ef01ba58c02be12f7b90e.tar.xz
shell escape variables before passing them to the shell
Signed-off-by: Adrian C. (anrxc) <anrxc@sysphere.org>
-rw-r--r--README8
-rw-r--r--helpers.lua9
-rw-r--r--widgets/fs.lua2
-rw-r--r--widgets/hddtemp.lua4
-rw-r--r--widgets/mdir.lua6
-rw-r--r--widgets/volume.lua3
-rw-r--r--widgets/weather.lua4
-rw-r--r--widgets/wifi.lua2
8 files changed, 27 insertions, 11 deletions
diff --git a/README b/README
index 4f1ff50..3a4f2b8 100644
--- a/README
+++ b/README
@@ -224,8 +224,10 @@ vicious.widgets.wifi
vicious.widgets.mbox
- provides the subject of last e-mail in a mbox file
- takes the full path to the mbox as an argument, or a table with
- 1st field as path, 2nd as maximum lenght and 3rd (optional) as
- widget name - if 3rd field is present scrolling will be used
+ 1st field as path, 2nd as maximum length and 3rd (optional) as
+ widget name - if 3rd field is present scrolling will be used (note: the
+ path will be escaped so special variables like ~ will not work, use
+ os.getenv("HOME").."mail" instead to access environment variables)
- returns 1st value as the subject of the last e-mail
vicious.widgets.mboxc
@@ -244,7 +246,7 @@ vicious.widgets.mdir
vicious.widgets.gmail
- provides count of new and subject of last e-mail on Gmail
- takes an (optional) argument, if it's a number subject will be
- truncated, if a table, with 1st field as maximum lenght and 2nd
+ truncated, if a table, with 1st field as maximum length and 2nd
the widget name (i.e. "gmailwidget"), scrolling will be used
- keeps login information in the ~/.netrc file, example:
machine mail.google.com login user password pass
diff --git a/helpers.lua b/helpers.lua
index 4c15690..7c8dd0c 100644
--- a/helpers.lua
+++ b/helpers.lua
@@ -97,6 +97,15 @@ function helpers.escape(text)
end
-- }}}
+-- {{{ Escape a string for save usage on the command line
+function helpers.shellquote(s)
+ if s == nil then return "" end
+ -- use single quotes, and put single quotes into double quotes
+ -- the string $'b is then quoted as '$'"'"'b'"'"'
+ return "'" .. s:gsub("'", "'\"'\"'") .. "'"
+end
+-- }}}
+
-- {{{ Capitalize a string
function helpers.capitalize(text)
return text and text:gsub("([%w])([%w]*)", function(c, s)
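Review bot: `helpers.shellquote` calls `s:gsub` on whatever it receives, so a non-string argument raises an error instead of being quoted. The hddtemp.lua hunk in this commit passes its numeric default `7634` straight into it. Converting after the nil check, `s = tostring(s)`, keeps numeric arguments working. The header comment should read "safe usage" rather than "save usage", and it should say that a nil argument produces an empty string, i.e. no argument at all rather than `''`. `helpers.capitalize` below the added block continues outside the hunk.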
diff --git a/widgets/fs.lua b/widgets/fs.lua
index 7832b1f..4b889dc 100644
--- a/widgets/fs.lua
+++ b/widgets/fs.lua
@@ -27,7 +27,7 @@ local function worker(format, warg)
if warg then warg = "" else warg = "-l" end
local fs_info = {} -- Get data from df
- local f = io.popen("LC_ALL=C df -kP " .. warg)
+ local f = io.popen("LC_ALL=C df -kP " .. helpers.shellquote(warg))
for line in f:lines() do -- Match: (size) (used)(avail)(use%) (mount)
local s = string.match(line, "^.-[%s]([%d]+)")
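Review bot: On the new `io.popen` line `warg` is always one of the two literals assigned just above (`""` or `"-l"`), so quoting adds no protection here. For the `""` case it changes the command to `df -kP ''`, which hands df an empty file operand instead of no operand. Keep the plain concatenation, `io.popen("LC_ALL=C df -kP " .. warg)`, with a comment that `warg` is a fixed flag at this point. The hunk adds no `helpers` require to this file, so confirm one already exists above. `worker` starts and ends outside the hunk.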
diff --git a/widgets/hddtemp.lua b/widgets/hddtemp.lua
index 85ee767..5c2b1a6 100644
--- a/widgets/hddtemp.lua
+++ b/widgets/hddtemp.lua
@@ -8,6 +8,7 @@ local tonumber = tonumber
local io = { popen = io.popen }
local setmetatable = setmetatable
local string = { gmatch = string.gmatch }
+local helpers = require("vicious.helpers")
-- }}}
@@ -22,7 +23,8 @@ local function worker(format, warg)
if warg == nil then warg = 7634 end
local hdd_temp = {} -- Get info from the hddtemp daemon
- local f = io.popen("echo | curl --connect-timeout 1 -fsm 3 telnet://127.0.0.1:"..warg)
+ local quoted = helpers.shellquote(warg)
+ local f = io.popen("echo | curl --connect-timeout 1 -fsm 3 telnet://127.0.0.1:"..quoted)
for line in f:lines() do
for d, t in string.gmatch(line, "|([%/%a%d]+)|.-|([%d]+)|[CF]+|") do
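Review bot: The port is only quoted, not validated, so any string still reaches curl as part of `telnet://127.0.0.1:...`. Converting it first, `local port = tonumber(warg) or 7634`, and concatenating `port` is stricter than quoting. It also avoids passing the numeric default to `helpers.shellquote`, which calls `s:gsub` and would fail on a number. `tonumber` is already localised at the top of this file. `worker` starts and ends outside the hunk.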
diff --git a/widgets/mdir.lua b/widgets/mdir.lua
index d7c6f3d..bea9088 100644
--- a/widgets/mdir.lua
+++ b/widgets/mdir.lua
@@ -7,6 +7,7 @@
-- {{{ Grab environment
local io = { popen = io.popen }
local setmetatable = setmetatable
+local helpers = require("vicious.helpers")
-- }}}
@@ -23,13 +24,14 @@ local function worker(format, warg)
local count = { new = 0, cur = 0 }
for i=1, #warg do
+ quoted_path = helpers.shellquote(warg[i])
-- Recursively find new messages
- local f = io.popen("find '"..warg[i].."' -type f -wholename '*/new/*'")
+ local f = io.popen("find "..quoted_path.." -type f -wholename '*/new/*'")
for line in f:lines() do count.new = count.new + 1 end
f:close()
-- Recursively find "old" messages lacking the Seen flag
- local f = io.popen("find '"..warg[i].."' -type f -regex '.*/cur/.*2,[^S]*$'")
+ local f = io.popen("find "..quoted_path.." -type f -regex '.*/cur/.*2,[^S]*$'")
for line in f:lines() do count.cur = count.cur + 1 end
f:close()
end
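Review bot: `quoted_path` is assigned without `local` inside the loop, so it is written outside the loop's scope (a global, or a module-level field depending on how this file sets up its environment) on every iteration. Use `local quoted_path = helpers.shellquote(warg[i])`. Quoting also does not stop a directory name beginning with `-` from being read by find as part of its expression, so a comment stating that paths are expected to be absolute would help. `worker` starts outside the hunk.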
diff --git a/widgets/volume.lua b/widgets/volume.lua
index 2a7d377..57970a3 100644
--- a/widgets/volume.lua
+++ b/widgets/volume.lua
@@ -8,6 +8,7 @@ local tonumber = tonumber
local io = { popen = io.popen }
local setmetatable = setmetatable
local string = { match = string.match }
+local helpers = require("vicious.helpers")
-- }}}
@@ -26,7 +27,7 @@ local function worker(format, warg)
}
-- Get mixer control contents
- local f = io.popen("amixer -M get " .. warg)
+ local f = io.popen("amixer -M get " .. helpers.shellquote(warg))
local mixer = f:read("*all")
f:close()
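Review bot: Quoting the whole of `warg` turns it into a single amixer argument. A caller that previously passed extra options in the same string (a control name followed by a card selector, say) would now have the entire string looked up as the control name. If that usage is supported, the README needs a note like the one this commit adds for mbox paths. Alternatively the worker could accept a table and quote each element separately. `worker` starts and ends outside the hunk.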
diff --git a/widgets/weather.lua b/widgets/weather.lua
index 029df7e..632d5b9 100644
--- a/widgets/weather.lua
+++ b/widgets/weather.lua
@@ -40,8 +40,8 @@ local function worker(format, warg)
-- Get weather forceast by the station ICAO code, from:
-- * US National Oceanic and Atmospheric Administration
- local noaa = "http://weather.noaa.gov/pub/data/observations/metar/decoded/"
- local f = io.popen("curl --connect-timeout 1 -fsm 3 "..noaa..warg..".TXT")
+ local url = "http://weather.noaa.gov/pub/data/observations/metar/decoded/"..warg
+ local f = io.popen("curl --connect-timeout 1 -fsm 3 "..helpers.shellquote(url)..".TXT")
local ws = f:read("*all")
f:close()
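Review bot: `warg` is concatenated into the URL path before quoting, which keeps it away from the shell but still lets any string, including `/` or `..`, change which resource curl requests. The station code could be checked first, e.g. `if not warg or not warg:match("^%w+$") then return end`, with the return adjusted to the worker's usual failure value, which is not visible here. Appending `.TXT` to `url` before the single `helpers.shellquote(url)` call would also read more clearly than adding it after the quoted string. The hunk adds no `helpers` require, so confirm the file already has one. `worker` starts and ends outside the hunk.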
diff --git a/widgets/wifi.lua b/widgets/wifi.lua
index 15666e5..973f109 100644
--- a/widgets/wifi.lua
+++ b/widgets/wifi.lua
@@ -58,7 +58,7 @@ local function worker(format, warg)
end
-- Get data from iwconfig where available
- local f = io.popen(iwconfig .." ".. warg .. " 2>&1")
+ local f = io.popen(iwconfig .." ".. helpers.shellquote(warg) .. " 2>&1")
local iw = f:read("*all")
f:close()