'gdbus call' can't handle arguments containing '&' (XML escaping failure) failure
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| glib2.0 (Ubuntu) |
New
|
Undecided
|
Unassigned | ||
Bug Description
When gdbus is used with the call subcommand, string arguments passed to the called method that contain the character '&' are treated as empty "". Presumably this also affects the emit subcommand.
The problem appears to be that internally the arguments are processed as XML but not safely escaped, as shown in the tests below.
From the gdbus man page, try this example:
gdbus call --session --dest org.freedesktop
--method org.freedesktop
42 \
"The Summary" \
"Here's the body of the notification" \
[] {} 5000
A notification is displayed with the information icon, the summary and the body.
Now try
gdbus call --session --dest org.freedesktop
--method org.freedesktop
42 \
"The Summary" \
"Here's the body containing '&' of the notification" \
[] {} 5000
A notification is displayed with the information icon, the summary and *no* body.
Now try
gdbus call --session --dest org.freedesktop
--method org.freedesktop
42 \
"The Summary" \
"Here's the body containing '&' of the notification" \
[] {} 5000
A notification is displayed with the information icon, the summary and this body
"Here's the body containing '&' of the notification"
ProblemType: Bug
DistroRelease: Ubuntu 14.04
Package: libglib2.0-bin 2.40.2-0ubuntu1
ProcVersionSign
Uname: Linux 4.2.0-36-generic i686
ApportVersion: 2.14.1-0ubuntu3.20
Architecture: i386
CurrentDesktop: LXDE
Date: Tue May 10 15:56:44 2016
InstallationDate: Installed on 2016-02-21 (78 days ago)
InstallationMedia: Lubuntu 14.04.4 LTS "Trusty Tahr" - Release i386 (20160217.1)
SourcePackage: glib2.0
UpgradeStatus: No upgrade log present (probably fresh install)
| Dirk F (fieldhouse) wrote | #1 |
