Skip to content

Instantly share code, notes, and snippets.

@qwazix
Created August 1, 2017 22:12
Show Gist options
  • Save qwazix/1c2083eadda595a8ed576701eef85f30 to your computer and use it in GitHub Desktop.
Save qwazix/1c2083eadda595a8ed576701eef85f30 to your computer and use it in GitHub Desktop.
darktable open image location shortcut
--[[
This file is copyright (c) 2017 Michael Demetriou
It is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This file is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this file. If not, see <http://www.gnu.org/licenses/>.
]]
--[[
OPEN LOCATION
Opens the location of the selected image in nautilus
USAGE
* require this file from your main lua config file
* set a shortcut for "Open image location"
]]
local dt = require "darktable"
dt.configuration.check_version(...,{4,0,0})
local function open_location()
local images = dt.gui.action_images
for _, i in ipairs(images) do
os.execute('nautilus "'.. i.path .. '/' .. i.filename ..'"')
end
end
dt.register_event("shortcut",function(event, shortcut)
open_location()
end, "Open image location")
--
-- vim: syntax=lua
@dhoulder
Copy link

dhoulder commented Aug 4, 2017

I'm pretty sure that any file pathname containing a double-quote, backtick or dollar character (more likely in a directory component, but potentially in a filename), will cause problems here because they will get interpreted by /bin/sh when you call os.execute(). The most likely outcome is that the command will simply fail, but at worst you could have a shell injection exploit. Using something like

"\"" .. string.gsub(i.path .. '/' .. i.filename, "([\"\\`$])", "\\%1") .. "\""

should escape the troublesome cases. See https://www.gnu.org/software/bash/manual/html_node/Double-Quotes.html

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment