X-Git-Url: https://git.pterodactylus.net/?a=blobdiff_plain;f=synfig-core%2Ftrunk%2Fsrc%2Fmodules%2Fmptr_mplayer%2Fmptr_mplayer.cpp;h=9e3d547f54ab2b34e73741e3bb8cfbc8fad76bbf;hb=63e709f66d50c124cc0ece2325f4773ac4ae7b20;hp=f75f721a360cd9f89807b7b4b9ca05a5bdc76e69;hpb=70bcefce2ab011a11014f36fc129b473cc0bc61e;p=synfig.git

diff --git a/synfig-core/trunk/src/modules/mptr_mplayer/mptr_mplayer.cpp b/synfig-core/trunk/src/modules/mptr_mplayer/mptr_mplayer.cpp
index f75f721..9e3d547 100644
--- a/synfig-core/trunk/src/modules/mptr_mplayer/mptr_mplayer.cpp
+++ b/synfig-core/trunk/src/modules/mptr_mplayer/mptr_mplayer.cpp
@@ -2,6 +2,8 @@
 /*!	\file mptr_mplayer.cpp
 **	\brief ppm Target Module
 **
+**	$Id$
+**
 **	\legal
 **	Copyright (c) 2002-2005 Robert B. Quattlebaum Jr., Adrian Bentley
 **
@@ -70,6 +72,9 @@ mplayer_mptr::~mplayer_mptr()
 bool
 mplayer_mptr::GetFrame(Time time, synfig::Surface &surface, synfig::ProgressCallback *)
 {
+
+#error This code has vulnerabilites: arbitrary shell command execution and tmpfile issues
+
 	int ret;
 	ret=system(
 		strprintf("/usr/local/bin/mencoder \"%s\" -ovc rawrgb -ss %f -endpos 0 -nosound -o /tmp/tmp.synfig.rgbdata | grep \"VIDEO\" > /tmp/tmp.synfig.size",