github/qBittorrent
1
0
Fork 0
mirror of https://github.com/qbittorrent/qBittorrent synced 2025-08-20 13:23:34 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

Merge pull request #10953 from Chocobo1/backport

Browse source 
Backport to v4_1_x
This commit is contained in:
Mike Tzou 2019-07-21 21:19:05 +08:00 committed by GitHub
commit e8850c7a70
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 5 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

6
src/app/application.cpp
View file

@ -332,7 +332,11 @@ void Application::runExternalProgram(const BitTorrent::TorrentHandle *torrent) c
::LocalFree(args);
#else
QProcess::startDetached(QLatin1String("/bin/sh"), {QLatin1String("-c"), program});
// Cannot give users shell environment by default, as doing so could
// enable command injection via torrent name and other arguments
// (especially when some automated download mechanism has been setup).
// See: https://github.com/qbittorrent/qBittorrent/issues/10925
QProcess::startDetached(program);
#endif
}