feh-3.12.tar.bz2 (signature)
- Disallow %f and %n format specifiers in --action and --info strings;
abort with an error message if those are encountered. Use %F and %N
instead. Rationale: %f and %n do not escape shell-specific syntax and
are thus a security risk when passing untrusted file names to feh. %F and
%N, which have been available since v2.3 (Feb 2012), do escape
shell-specific syntax. Migration path: Replace %f (or '%f') and %n (or
'%n') with %F and %N (without '') in --action and --info commands.
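
The migration path above can be applied mechanically to existing --action and --info strings. The following is an added example, not part of feh or its release notes: a small Python helper (the names `migrate` and `quoted_specifiers` are hypothetical) that rewrites %f/%n, bare or wrapped in '', to %F/%N and flags any %F/%N still sitting inside quotes for manual review, since the entry says to use them without ''. It assumes feh treats %% as a literal percent sign.

```python
import re

# "%%" is matched first so a literal percent followed by f/n is never rewritten
# (assumption: feh treats "%%" as a literal percent sign).
_TOKEN = re.compile(r"%%|'%([fn])'|%([fn])")

def migrate(action):
    """Rewrite %f/%n (bare or wrapped in '') to %F/%N; return (text, count)."""
    count = 0

    def repl(match):
        nonlocal count
        spec = match.group(1) or match.group(2)
        if spec is None:          # "%%": leave untouched
            return match.group(0)
        count += 1
        return "%" + spec.upper()

    return _TOKEN.sub(repl, action), count

def quoted_specifiers(action):
    """Return (offset, specifier) for each %F/%N still inside shell quotes."""
    found, quote, i = [], None, 0
    while i < len(action):
        ch = action[i]
        if ch == "\\" and quote != "'":   # backslash escapes outside '...'
            i += 2
            continue
        if ch in "'\"":
            if quote is None:
                quote = ch
            elif quote == ch:
                quote = None
        elif ch == "%" and i + 1 < len(action):
            if quote and action[i + 1] in "FN":
                found.append((i, action[i:i + 2]))
            i += 2
            continue
        i += 1
    return found

if __name__ == "__main__":
    # Constructed sample --action strings, not taken from feh's documentation.
    for old in ["mv '%f' ~/trash/", "echo %n >> seen.txt", 'cp "%f" /backup/',
                "echo 100%%free %F"]:
        new, changed = migrate(old)
        print(f"{old!r} -> {new!r} ({changed} changed, "
              f"review: {quoted_specifiers(new)})")
```

A non-empty result from `quoted_specifiers` means the surrounding quotes have to be removed by hand before the string is used.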