Jeroen van Aart
jeroen at mompl.net
Mon Jun 10 22:41:12 CEST 2013
On 06/10/2013 01:18 PM, Yves-Alexis Perez wrote:
> On ven., 2013-06-07 at 21:31 -0700, Jeroen van Aart wrote:
>> Jonas Kulla wrote:
>>>> Considering the plugin is part of the core xfce apps I will assume it's
>>>> the appropriate way to do it. I also found out about exo_execute_preferred_
>>>> **application() however I didn't feel like including another library.
>>> Why not? Exo is part of core xfce, so you'll always have it present.
>> You're right, I phrased it incorrectly. I had to include another header
>> file and edit makefiles to get exo library to work and at the moment I
>> didn't feel like doing that. Also I felt that linking against an extra
>> library wasn't such a good idea as opposed to running an external
>> command the way the weather plugin does.
> Running external commands directly from a plugin is what I find weird
> here. Especially since you need to take care yourself of preventing
> command injection and stuff like that.
As far as I can see, having looked through a few panel plugin sources,
it's an acceptable way of doing it.
Line 70 of xfce4-weather-plugin-0.7.4/panel-plugin/weather-summary.c
which was written by the "Xfce Development Team" and I presume is a core
application, contains the following:
gchar *str = g_strdup_printf("exo-open --launch WebBrowser %s", url);
Do you mean that's wrong as well? Maybe we should propose patches to all
(core) applications of xfce which contain the offending code? Since it
could be a security risk with regards to command injection.
Be that as it may I did plan on using the library call at some point.
Recently my focus was on just getting it to work.
Earthquake Magnitude: 4.7
Date: Monday, June 10, 2013 11:52:10 UTC
Location: Mindanao, Philippines
Latitude: 5.2973; Longitude: 126.0703
Depth: 86.00 km
More information about the Xfce4-dev