Stub in the warning and observations.

git-svn-id: http://svn.apache.org/repos/asf/apr/apr/trunk@63180 13f79535-47bb-0310-9956-ffa450edef68
author: wrowe <wrowe@13f79535-47bb-0310-9956-ffa450edef68> 2002-03-22 07:55:00 +0000
committer: wrowe <wrowe@13f79535-47bb-0310-9956-ffa450edef68> 2002-03-22 07:55:00 +0000
commit: 1c15198675cd9ca6e6426dff372fa03cec5396ba (patch)
tree: f1ce6f3d5c5dc6c8fa9b137424856cd8ffca62bb /threadproc/win32/proc.c
parent: b1332220ced4cdbda4641f5c586820cf791b0be8 (diff)
download: libapr-1c15198675cd9ca6e6426dff372fa03cec5396ba.tar.gz
1 files changed, 5 insertions, 0 deletions
diff --git a/threadproc/win32/proc.c b/threadproc/win32/proc.c
index 434158d88..36f952d1c 100644
--- a/threadproc/win32/proc.c
+++ b/threadproc/win32/proc.c
@@ -446,6 +446,11 @@ APR_DECLARE(apr_status_t) apr_proc_create(apr_proc_t *new,
             }
             i = strlen(progname);
             if (i >= 11 && strcasecmp(progname + i - 11, "command.com") == 0) {
+                /* XXX: Still insecure - need doubled-quotes on each individual
+                 * arg of cmdline.  Suspect we need to postpone cmdline parsing
+                 * until this moment in all four code paths, with some flags
+                 * to toggle 'which flavor' is needed.
+                 */
                 cmdline = apr_pstrcat(pool, shellcmd, " /C ", argv0, cmdline, NULL);
             }
             else {
author	wrowe <wrowe@13f79535-47bb-0310-9956-ffa450edef68>	2002-03-22 07:55:00 +0000
committer	wrowe <wrowe@13f79535-47bb-0310-9956-ffa450edef68>	2002-03-22 07:55:00 +0000
commit	1c15198675cd9ca6e6426dff372fa03cec5396ba (patch)
tree	f1ce6f3d5c5dc6c8fa9b137424856cd8ffca62bb /threadproc/win32/proc.c
parent	b1332220ced4cdbda4641f5c586820cf791b0be8 (diff)
download	libapr-1c15198675cd9ca6e6426dff372fa03cec5396ba.tar.gz