The potential to exploit the kfmclient does seem like something to at least consider. Is there some way we can protect the user against this or should the 'kfmclient exec' be dropped due to its potential for being exploited?
We may need a translation table to effectively use the mime database. http\ \shell is the windows key, text/html is the mime type. Not sure how other types map, like mp3 or avi on windows, too lazy to check atm ;-) It seems like a very worthwhile thing to do though.
Chris
On Monday 29 December 2003 10:13 pm, Dan Kegel wrote:
Rein Klazes wrote:
Under KDE it should be enough to do:
kfmclient exec "${file}"
choosing in case of a html file the default browser configured for KDE. It works also for eg .mp3 files, but then the file spec must have been converted from WINE to Unix paths, for instance with "winepath".
Makes me nervous... the ability to cause code to execute is one of the most frequently abused powers of IE.
Besides, wine isn't kde specific; we can't rely on kfmclient to exist. It would be better to make use of http://freedesktop.org/Standards/shared-mime-info-spec That way it would work with not just KDE, but also Gnome and any other freedesktop.org-compliant environment.
- Dan