search for: sys_tempdir

...e: > Hello, > > This is probably a very minor point, but R_CleanTempDir may still have > a shell injection in it. I couldn't find a way to shoot the user in the > foot in a significant way (by, say, accidentally removing ~), thanks to > R disallowing spaces in the path, but if Sys_TempDir somehow acquires a > value of "/tmp/';echo;'", R_CleanTempDir() will remove /tmp instead of > its aptly-named subdirectory. Please see 83851 from earlier today which does a bit more of robustification, and if you find any problem in it, please let me know. > While adding...

Hello, This is probably a very minor point, but R_CleanTempDir may still have a shell injection in it. I couldn't find a way to shoot the user in the foot in a significant way (by, say, accidentally removing ~), thanks to R disallowing spaces in the path, but if Sys_TempDir somehow acquires a value of "/tmp/';echo;'", R_CleanTempDir() will remove /tmp instead of its aptly-named subdirectory. While adding the single-quote symbol to the list of special symbols should suffice (it and the backslash being the only allowed ways to "un-quote" a s...