From 2948d1cdf79e47b1c71b5565baae4178c8c1de39 Mon Sep 17 00:00:00 2001
From: Michele Calgaro <michele.calgaro@yahoo.it>
Date: Sun, 16 Feb 2020 13:37:37 +0900
Subject: [PATCH] Security: remove support for  in KRun which could have
 allowed execution of malicious code. This is similar to issue TDE/tdelibs#45
 for .desktop files.

Signed-off-by: Michele Calgaro <michele.calgaro@yahoo.it>
---
 konqueror/konq_mainwindow.cc | 21 +--------------------
 1 file changed, 1 insertion(+), 20 deletions(-)

diff --git a/konqueror/konq_mainwindow.cc b/konqueror/konq_mainwindow.cc
index 4b8efaaf9..ff9d797cb 100644
--- a/konqueror/konq_mainwindow.cc
+++ b/konqueror/konq_mainwindow.cc
@@ -490,26 +490,7 @@ void KonqMainWindow::openURL( KonqView *_view, const KURL &_url,
 
       while( nDollarPos != -1 && nDollarPos+1 < static_cast<int>(aValue.length())) {
         // there is at least one $
-        if( (aValue)[nDollarPos+1] == '(' ) {
-          uint nEndPos = nDollarPos+1;
-          // the next character is no $
-          while ( (nEndPos <= aValue.length()) && (aValue[nEndPos]!=')') )
-              nEndPos++;
-          nEndPos++;
-          TQString cmd = aValue.mid( nDollarPos+2, nEndPos-nDollarPos-3 );
-
-          TQString result;
-          FILE *fs = popen(TQFile::encodeName(cmd).data(), "r");
-          if (fs)
-          {
-             {
-             TQTextStream ts(fs, IO_ReadOnly);
-             result = ts.read().stripWhiteSpace();
-             }
-             pclose(fs);
-          }
-          aValue.replace( nDollarPos, nEndPos-nDollarPos, result );
-        } else if( (aValue)[nDollarPos+1] != '$' ) {
+        if( (aValue)[nDollarPos+1] != '$' ) {
           uint nEndPos = nDollarPos+1;
           // the next character is no $
           TQString aVarName;