corsac at debian.org
Mon Jun 10 23:17:47 CEST 2013
On lun., 2013-06-10 at 13:41 -0700, Jeroen van Aart wrote:
> As far as I can see, having looked through a few panel plugin sources,
> it's an acceptable way of doing it.
Acceptable doesn't mean it's the best way, nor that you should pick
> Line 70 of xfce4-weather-plugin-0.7.4/panel-plugin/weather-summary.c
> which was written by the "Xfce Development Team"
There's no such thing as “Xfce Development Team”, it's a copyright entry
placeholder. Look at git blame / svn blame.
> and I presume is a core
It's not a core application, it's a plugin.
> contains the following:
> gchar *str = g_strdup_printf("exo-open --launch WebBrowser %s", url);
Yeah, and it's not really pretty.
> Do you mean that's wrong as well?
It's not /wrong/ per se. It's just weird and ugly.
> Maybe we should propose patches to all
> (core) applications of xfce which contain the offending code? Since it
> could be a security risk with regards to command injection.
If you find some, sure, I think it could be done better.
> Be that as it may I did plan on using the library call at some point.
> Recently my focus was on just getting it to work.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 490 bytes
Desc: This is a digitally signed message part
More information about the Xfce4-dev