From 8469c13f383720154370b855743fa684535518e0 Mon Sep 17 00:00:00 2001
From: Andrew Borodin <aborodin@vmail.ru>
Date: Mon, 26 Jan 2015 13:37:08 +0300
Subject: [PATCH] Ticket #3253: unexpected command line execution from Quick
 View panel.

When panel is set to 'Quick view' mode, some keys are handled by
mvciewer, and unhandled keys are passed to the command line. This is
very dangerous since user can easily type and execute a harmful command.

1st step:
  * (mcview_callback): don't pass any keys from mcviewer in QuickView
mode to the command line.

Signed-off-by: Andrew Borodin <aborodin@vmail.ru>
---
 src/viewer/actions_cmd.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/viewer/actions_cmd.c b/src/viewer/actions_cmd.c
index 6b69e66a2..06bafe7af 100644
--- a/src/viewer/actions_cmd.c
+++ b/src/viewer/actions_cmd.c
@@ -672,7 +672,8 @@ mcview_callback (Widget * w, Widget * sender, widget_msg_t msg, int parm, void *
     case MSG_KEY:
         i = mcview_handle_key (view, parm);
         mcview_update (view);
-        return i;
+        /* don't pass any chars to command line in QuickView mode */
+        return mcview_is_in_panel (view) ? MSG_HANDLED : i;
 
     case MSG_ACTION:
         i = mcview_execute_cmd (view, parm);