diff --git a/app/mainAppWindow/index.js b/app/mainAppWindow/index.js
index 4b06d8ea..40447ddb 100644
--- a/app/mainAppWindow/index.js
+++ b/app/mainAppWindow/index.js
@@ -10,7 +10,7 @@ const { StreamSelector } = require('../streamSelector');
const { LucidLog } = require('lucid-log');
const { SpellCheckProvider } = require('../spellCheckProvider');
const { httpHelper } = require('../helpers');
-const exec = require('child_process').exec;
+const execFile = require('child_process').execFile;
const TrayIconChooser = require('../browser/tools/trayIconChooser');
// eslint-disable-next-line no-unused-vars
const { AppConfiguration } = require('../appConfiguration');
@@ -360,7 +360,7 @@ function secureOpenLink(details) {
function openInBrowser(details) {
if (config.defaultURLHandler.trim() !== '') {
- exec(`${config.defaultURLHandler.trim()} "${details.url}"`, openInBrowserErrorHandler);
+ execFile(config.defaultURLHandler.trim(), [details.url], openInBrowserErrorHandler);
} else {
shell.openExternal(details.url);
}
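Review bot: In openInBrowser, `details.url` is handed to `execFile` as an argument, and to `shell.openExternal` in the else branch, with no scheme check visible in this hunk. Unless the caller already validates it (secureOpenLink and the other call sites are outside the hunk), parse the URL first and return early for anything other than http/https, e.g. `const { protocol } = new URL(details.url);` then `if (protocol !== 'http:' && protocol !== 'https:') return;`, treating a parse failure as a rejection too. That also guarantees the value passed to the handler cannot start with `-` and be read as an option by the configured program. Separately, `execFile` treats the whole `config.defaultURLHandler` string as the executable path, so a handler configured with its own arguments would no longer start; document that or split the setting into a command and an argument list. The function's closing brace is outside the hunk.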
diff --git a/com.github.IsmaelMartinez.teams_for_linux.appdata.xml b/com.github.IsmaelMartinez.teams_for_linux.appdata.xml
index aa893213..0296d87f 100644
--- a/com.github.IsmaelMartinez.teams_for_linux.appdata.xml
+++ b/com.github.IsmaelMartinez.teams_for_linux.appdata.xml
@@ -14,6 +14,13 @@
https://github.com/IsmaelMartinez/teams-for-linux/issues
com.github.IsmaelMartinez.teams_for_linux.desktop
+
+
+
+ - Fix: Avoid calling child_process.exec with untrusted string
+
+
+
diff --git a/package.json b/package.json
index 45fcda0b..489b7f0d 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
{
"name": "teams-for-linux",
- "version": "1.3.16",
+ "version": "1.3.17",
"main": "app/index.js",
"description": "Unofficial client for Microsoft Teams for Linux",
"homepage": "https://github.com/IsmaelMartinez/teams-for-linux",