From 4d548cc4b1fa2963958054fc435e2eb7dbe26858 Mon Sep 17 00:00:00 2001
From: Pavel Roskin <proski@gnu.org>
Date: Tue, 11 Mar 2003 00:01:56 +0000
Subject: [PATCH] * extfs.c (extfs_cmd): Quote localname - it's based on the
 entry name, so it can contain dangerous symbols like "&".

---
 vfs/ChangeLog | 5 +++++
 vfs/extfs.c   | 5 ++++-
 2 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/vfs/ChangeLog b/vfs/ChangeLog
index ede28b2b5..36dea3479 100644
--- a/vfs/ChangeLog
+++ b/vfs/ChangeLog
@@ -1,3 +1,8 @@
+2003-03-10  Pavel Roskin  <proski@gnu.org>
+
+	* extfs.c (extfs_cmd): Quote localname - it's based on the entry
+	name, so it can contain dangerous symbols like "&".
+
 2003-02-26  Adam Byrtek  <alpha@debian.org>
 
 	* extfs.c (extfs_open): Retain original filename as a suffix
diff --git a/vfs/extfs.c b/vfs/extfs.c
index 419a515d9..ff7b6048a 100644
--- a/vfs/extfs.c
+++ b/vfs/extfs.c
@@ -584,6 +584,7 @@ extfs_cmd (const char *extfs_cmd, struct archive *archive,
 {
     char *file;
     char *quoted_file;
+    char *quoted_localname;
     char *archive_name;
     char *mc_extfsdir;
     char *cmd;
@@ -593,12 +594,14 @@ extfs_cmd (const char *extfs_cmd, struct archive *archive,
     quoted_file = name_quote (file, 0);
     g_free (file);
     archive_name = name_quote (get_archive_name (archive), 0);
+    quoted_localname = name_quote (localname, 0);
 
     mc_extfsdir = concat_dir_and_file (mc_home, "extfs" PATH_SEP_STR);
     cmd = g_strconcat (mc_extfsdir, extfs_prefixes[archive->fstype],
 		       extfs_cmd, archive_name, " ", quoted_file, " ",
-		       localname, NULL);
+		       quoted_localname, NULL);
     g_free (quoted_file);
+    g_free (quoted_localname);
     g_free (mc_extfsdir);
     g_free (archive_name);