*** empty log message ***

diff --git a/src/perl/selection-popup b/src/perl/selection-popup
index 3233d47f02775dd2bd18b0d01299494acf907553..4d21cb9fbc39cf3e352898df17e0292fedf44355 100644 (file)
--- a/src/perl/selection-popup
+++ b/src/perl/selection-popup
@@ -37,6 +37,9 @@ sub on_button_press {
       for ($text) {
          $add_button->("rot13" => sub { y/A-Za-z/N-ZA-Mn-za-m/ });
 
+         urxvt::safe
+            and $add_button->("eval perl expression" => sub { $_ = eval urxvt::untaint $_ });
+
          /^(\S+):(\d+):?$/
             and $add_button->("vi-commands to load '$1'" => sub { s/^(\S+):(\d+):?$/\x1b:e $1\x0d:$2\x0d/ });
 

diff --git a/src/rxvtperl.xs b/src/rxvtperl.xs
index 52d8d8c055bf224318708b1d7ad5e68d1bcff36f..ea65dd50b755e771173fad37d47aee3e7f38f133 100644 (file)
--- a/src/rxvtperl.xs
+++ b/src/rxvtperl.xs
@@ -717,6 +717,13 @@ untaint (SV *sv)
         OUTPUT:
         RETVAL
 
+bool
+safe ()
+       CODE:
+        RETVAL = !rxvt_tainted ();
+        OUTPUT:
+        RETVAL
+
 NV
 NOW ()
        CODE:

diff --git a/src/urxvt.pm b/src/urxvt.pm
index 9a31f0ad1cd82296f71245c7e8f8b58c2d4cfaaf..19ff76966152ce2f9d4b8909219b76288f3f9349 100644 (file)
--- a/src/urxvt.pm
+++ b/src/urxvt.pm
@@ -335,6 +335,12 @@ that calls this function.
 Using this function has the advantage that its output ends up in the
 correct place, e.g. on stderr of the connecting urxvtc client.
 
+=item $is_safe = urxvt::safe
+
+Returns true when it is safe to do potentially unsafe things, such as
+evaluating perl code specified by the user. This is true when urxvt was
+started setuid or setgid.
+
 =item $time = urxvt::NOW
 
 Returns the "current time" (as per the event loop).