From dc1be4c559bb2cfef9fe923a77b3cb474c196358 Mon Sep 17 00:00:00 2001
From: Einhard Leichtfuß
Date: Mon, 3 Dec 2018 21:23:24 +0100
Subject: Treat temporary file with care
Particularly in case somebody uses de-/encrypting {input,ouput}_program, it is important that the temporary file containing the decrypted data remains only accessible by the current user and is deleted when no longer needed.
---
CHANGELOG | 2 +-
TODO | 5 +++++
ctct.in | 12 ++++++++++--
3 files changed, 16 insertions(+), 3 deletions(-)
diff --git a/CHANGELOG b/CHANGELOG
index bffe063..4fa3218 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -14,5 +14,5 @@ General: Compatibility: -------------- - Fixed incompatibility with OpenBSD. - `- Use `sed -E' (extended regular expressions) in ./configure. + `- Simplify configure[.ac] (most notably get rid of `sed'). `- Use `/usr/bin/env bash' in the shebang.
diff --git a/TODO b/TODO
index 9ac9810..6dea8e3 100644
--- a/TODO
+++ b/TODO
@@ -3,6 +3,10 @@ TODO file for ctct [GENERAL] * consider using an array for *_program to specify arguments `- to circumvent the necessity for eval +* Honor $VISUAL. + +[CONFIGURE SCRIPT] +* Take care of some_dir=/ (man page). [FEATURES] * care about pictures/ subdirectory
@@ -11,6 +15,7 @@ TODO file for ctct * upon a single result ('--search-by-*), directly display the contents of the entry `- should be made customizable +* [optional] Do not create a new entry if nothing is entered in the editor. [BUGS] * strange behaviour:
diff --git a/ctct.in b/ctct.in
index a98561a..624566c 100644
--- a/ctct.in
+++ b/ctct.in
@@ -57,6 +57,12 @@ usage: EOF } +function cleanup() +{ + test -v tmp_file && test -f "$tmp_file" && rm "$tmp_file" +} +trap cleanup EXIT + function main() { if ! test -d "$datadir" && ! mkdir "$datadir"
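Review bot: `test -v` in cleanup() is only available in bash 4.2 and later; on an older bash the test fails, the `&&` chain stops there, and the temporary file holding the decrypted data is left behind without any message. Since the CHANGELOG on this page says the script runs through `/usr/bin/env bash`, the bash version is whatever the host provides, so a guard that does not depend on it is safer: `test -n "${tmp_file:-}" && rm -f -- "$tmp_file"`. Note also that `rm` only unlinks the file, so the plaintext may remain on the underlying storage when mktemp's directory is disk-backed; a short comment above cleanup() stating that limit would help users who rely on an encrypting input_program.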
@@ -208,13 +214,13 @@ function search_file() function list_all() { - # NEW + # Use find instead of ls to avoid listing non-regular files. find "$datadir" -maxdepth 1 -type f | sed 's|.*/||' } function edit_file() { - local file tmp_file editor new=false + local file editor new=false if ! file="$datadir/$(get_filename "$1")" then
@@ -244,10 +250,12 @@ function edit_file() "$editor" "$file" else tmp_file="$(mktemp)" + chmod 600 "$tmp_file" # output_program may contain further arguments: ! $new && eval "$output_program" < "$file" > "$tmp_file" "$editor" "$tmp_file" eval "$input_program" < "$tmp_file" > "$file" + rm "$tmp_file" && unset tmp_file fi }
-- cgit v1.2.3
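Review bot: Dropping `tmp_file` from the `local` list in edit_file() makes it a global, which is what lets the EXIT trap see it, but nothing in the code records that this is deliberate. A later tidy-up that makes it local again would silently disable the cleanup of the decrypted file. A comment next to the declaration would guard against that, for example `# tmp_file is deliberately not local: cleanup() (EXIT trap) must be able to see it.` The body of edit_file() continues outside this hunk.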
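Review bot: The exit status of `eval "$input_program"` is not checked before the added `rm "$tmp_file"`, and `> "$file"` truncates the stored entry before the program has produced any output, so a failing encryption step leaves an empty or partial entry while the only plaintext copy is deleted. Writing to a sibling file and renaming it on success keeps the old entry intact, and the result of `mktemp` should be checked too, since an empty `tmp_file` makes every following redirection fail. The added `chmod 600` is harmless, but mktemp already creates the file with mode 0600. edit_file() starts outside this hunk, and `$file.new` below is a constructed name.

```shell
tmp_file="$(mktemp)" || return 1
# … unchanged: chmod, output_program, editor call …
if eval "$input_program" < "$tmp_file" > "$file.new"
then
    mv "$file.new" "$file"
    rm "$tmp_file" && unset tmp_file
else
    rm -f "$file.new"
    echo "input_program failed; entry left unchanged" >&2
    return 1
fi
```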