diff options
author | Einhard Leichtfuß <alguien@respiranto.de> | 2018-12-03 21:23:24 +0100 |
---|---|---|
committer | Einhard Leichtfuß <alguien@respiranto.de> | 2018-12-03 21:29:37 +0100 |
commit | dc1be4c559bb2cfef9fe923a77b3cb474c196358 (patch) | |
tree | fe31140fd6a5abd84836e1dfc1119dece27739cd | |
parent | 65bcfce435ba755ca17077c6cd53b5edbe785b31 (diff) |
Treat temporary file with care
Particularly in case somebody uses de-/encrypting {input,ouput}_program,
it is important that the temporary file containing the decrypted data
remains only accessible by the current user and is deleted when no
longer needed.
-rw-r--r-- | CHANGELOG | 2 | ||||
-rw-r--r-- | TODO | 5 | ||||
-rw-r--r-- | ctct.in | 12 |
3 files changed, 16 insertions, 3 deletions
@@ -14,5 +14,5 @@ General: Compatibility: -------------- - Fixed incompatibility with OpenBSD. - `- Use `sed -E' (extended regular expressions) in ./configure. + `- Simplify configure[.ac] (most notably get rid of `sed'). `- Use `/usr/bin/env bash' in the shebang. @@ -3,6 +3,10 @@ TODO file for ctct [GENERAL] * consider using an array for *_program to specify arguments `- to circumvent the necessity for eval +* Honor $VISUAL. + +[CONFIGURE SCRIPT] +* Take care of some_dir=/ (man page). [FEATURES] * care about pictures/ subdirectory @@ -11,6 +15,7 @@ TODO file for ctct * upon a single result ('--search-by-*), directly display the contents of the entry `- should be made customizable +* [optional] Do not create a new entry if nothing is entered in the editor. [BUGS] * strange behaviour: @@ -57,6 +57,12 @@ usage: EOF } +function cleanup() +{ + test -v tmp_file && test -f "$tmp_file" && rm "$tmp_file" +} +trap cleanup EXIT + function main() { if ! test -d "$datadir" && ! mkdir "$datadir" @@ -208,13 +214,13 @@ function search_file() function list_all() { - # NEW + # Use find instead of ls to avoid listing non-regular files. find "$datadir" -maxdepth 1 -type f | sed 's|.*/||' } function edit_file() { - local file tmp_file editor new=false + local file editor new=false if ! file="$datadir/$(get_filename "$1")" then @@ -244,10 +250,12 @@ function edit_file() "$editor" "$file" else tmp_file="$(mktemp)" + chmod 600 "$tmp_file" # output_program may contain further arguments: ! $new && eval "$output_program" < "$file" > "$tmp_file" "$editor" "$tmp_file" eval "$input_program" < "$tmp_file" > "$file" + rm "$tmp_file" && unset tmp_file fi } |