https://bugzilla.novell.com/show_bug.cgi?id=752454 https://bugzilla.novell.com/show_bug.cgi?id=752454#c14 --- Comment #14 from Vincent Untz <vuntz@suse.com> 2012-03-27 14:43:36 UTC --- (In reply to comment #13)
Yes, but that patch only suffices if cups itself checks the decoded names for sanity, e.g. they do not contain newlines, spaces etc. so that config files would be fscked.
We already validate the name before we even try to escape it (a printer name is always validated when it comes from the caller). What we don't do in a good enough way, though, is validating URIs that come from the caller. Right now, we just do some basic checks for the URIs. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.