From c39ef5a79efb779da2c9a4c6ddf713b91f4a1ec7 Mon Sep 17 00:00:00 2001
From: pabs
Date: Thu, 6 Dec 2007 01:52:35 +0000
Subject: [PATCH] The mptr_mplayer module isn't built by default, but prevent it from being compiled due to security issues.

git-svn-id: http://svn.voria.com/code@1178 1f10aa63-cdf2-0310-b900-c93c546f37ac
---
 synfig-core/trunk/src/modules/mptr_mplayer/mptr_mplayer.cpp | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/synfig-core/trunk/src/modules/mptr_mplayer/mptr_mplayer.cpp b/synfig-core/trunk/src/modules/mptr_mplayer/mptr_mplayer.cpp
index f6a621a..9e3d547 100644
--- a/synfig-core/trunk/src/modules/mptr_mplayer/mptr_mplayer.cpp
+++ b/synfig-core/trunk/src/modules/mptr_mplayer/mptr_mplayer.cpp
@@ -72,6 +72,9 @@ mplayer_mptr::~mplayer_mptr()
 bool
 mplayer_mptr::GetFrame(Time time, synfig::Surface &surface, synfig::ProgressCallback *)
 {
+
+#error This code has vulnerabilites: arbitrary shell command execution and tmpfile issues
+
 int ret;
 ret=system(
 strprintf("/usr/local/bin/mencoder \"%s\" -ovc rawrgb -ss %f -endpos 0 -nosound -o /tmp/tmp.synfig.rgbdata | grep \"VIDEO\" > /tmp/tmp.synfig.size",
-- 
2.7.4
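Review bot: The added `#error` in `GetFrame` stops the build but does not record what exactly is unsafe or what has to change before the guard may be removed, and its message misspells "vulnerabilities". From the visible context, the `%s` value (presumably the media file name; its argument is outside the hunk) is placed between double quotes in a string handed to `system()`, so the shell interprets any metacharacters in it, and the output is written to the fixed names `/tmp/tmp.synfig.rgbdata` and `/tmp/tmp.synfig.size`, which are predictable and shared across users and runs. I would put a comment directly above the directive, for example `// Do not remove until mencoder is spawned with an argument vector (no shell) and the outputs go to mkstemp()-style private temp files`, and correct the spelling to `#error This code has vulnerabilities: arbitrary shell command execution and tmpfile issues`. Since the directive sits inside one function body, moving it to the top of the file would make it harder to overlook; the rest of `GetFrame` lies outside the hunk, so further uses of the same pattern there cannot be ruled out.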