From 41e172df723a9a62edffbef923f2e50522669e35 Mon Sep 17 00:00:00 2001 From: DelphiGit Date: Wed, 13 Jul 2016 20:29:12 +0200 Subject: [PATCH] Fix for unquoted path vulnerability See issue #621 for details. I built a new installation package and during installation on Windows 7 I could see that the previously unquoted path is now quoted. --- CMakeLists.txt | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index 98cecbbb..707a0e7d 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -375,8 +375,8 @@ if(WIN32 AND NOT UNIX) # VS redist list(APPEND CPACK_NSIS_EXTRA_INSTALL_COMMANDS " - ExecWait '$INSTDIR\\\\tmp\\\\${VSREDIST} /install /passive /quiet' - Delete '$INSTDIR\\\\tmp\\\\${VSREDIST}' + ExecWait '\\\"$INSTDIR\\\\tmp\\\\${VSREDIST}\\\" /install /passive /quiet' + Delete '\\\"$INSTDIR\\\\tmp\\\\${VSREDIST}\\\"' ") else(WIN32 AND NOT UNIX) set(CPACK_STRIP_FILES "bin/sqlitebrowser")