--- enscript-1.6.1/src/gsint.h.CAN-2004-1184 1998-06-25 08:18:32.000000000 +0100 +++ enscript-1.6.1/src/gsint.h 2005-01-10 14:39:28.000000000 +0000 @@ -643,4 +643,9 @@ */ void printer_close ___P ((void *context)); +/* + * Escape filenames for shell usage + */ +char *shell_escape ___P ((const char *fn)); + #endif /* not GSINT_H */ --- enscript-1.6.1/src/util.c.CAN-2004-1184 1998-06-24 07:48:21.000000000 +0100 +++ enscript-1.6.1/src/util.c 2005-01-10 14:39:28.000000000 +0000 @@ -1108,6 +1108,8 @@ /* Create result. */ cp = xmalloc (len + 1); + if (cp == NULL) + return NULL; for (i = 0, j = 0; string[i]; i++) switch (string[i]) { @@ -1719,6 +1721,7 @@ char *cmd = NULL; int cmdlen; int i, pos; + char *cp; is->is_pipe = 1; @@ -1742,12 +1745,16 @@ { case 's': /* Expand cmd-buffer. */ - cmdlen += strlen (fname); - cmd = xrealloc (cmd, cmdlen); + if ((cp = shell_escape (fname)) != NULL) + { + cmdlen += strlen (cp); + cmd = xrealloc (cmd, cmdlen); - /* Paste filename. */ - strcpy (cmd + pos, fname); - pos += strlen (fname); + /* Paste filename. */ + strcpy (cmd + pos, cp); + pos += strlen (cp); + free (cp); + } i++; break; @@ -1860,3 +1867,36 @@ return 1; } + +/* + * Escapes the name of a file so that the shell groks it in 'single' + * quotation marks. The resulting pointer has to be free()ed when not + * longer used. +*/ +char * +shell_escape(const char *fn) +{ + size_t len = 0; + const char *inp; + char *retval, *outp; + + for(inp = fn; *inp; ++inp) + switch(*inp) + { + case '\'': len += 4; break; + default: len += 1; break; + } + + outp = retval = malloc(len + 1); + if(!outp) + return NULL; /* perhaps one should do better error handling here */ + for(inp = fn; *inp; ++inp) + switch(*inp) + { + case '\'': *outp++ = '\''; *outp++ = '\\'; *outp++ = '\'', *outp++ = '\''; break; + default: *outp++ = *inp; break; + } + *outp = 0; + + return retval; +} --- enscript-1.6.4/src/main.c.can-2004-1184 2003-03-05 00:36:32.000000000 -0700 +++ enscript-1.6.4/src/main.c 2005-02-08 15:38:27.144246832 -0700 @@ -1495,6 +1495,7 @@ if (output_language_pass_through) { char *start_state; + char *safe; Buffer cmd; char intbuf[256]; @@ -1547,7 +1548,12 @@ buffer_append (&cmd, " "); buffer_append (&cmd, "-Ddocument_title=\""); - buffer_append (&cmd, title); + safe = shell_escape (title); + if (safe) + { + buffer_append (&cmd, safe); + free (safe); + } buffer_append (&cmd, "\" "); buffer_append (&cmd, "-Dtoc="); @@ -1565,8 +1571,14 @@ /* Append input files. */ for (i = optind; i < argc; i++) { - buffer_append (&cmd, " "); - buffer_append (&cmd, argv[i]); + safe = shell_escape (argv[i]); + if (safe) + { + buffer_append (&cmd, " \""); + buffer_append (&cmd, safe); + buffer_append (&cmd, "\""); + free (safe); + } } /* And do the job. */