From 8f8ec2ccf3f5ef8f38d68ec84a7e4739c45db485 Mon Sep 17 00:00:00 2001
From: Xi Lu <lx@shellcodes.org>
Date: Sat, 18 Feb 2023 18:03:28 +0800
Subject: [PATCH] * lisp/ob-latex.el (org-babel-execute:latex): Fix command
 injection vulnerability

Link: https://orgmode.org/list/tencent_5C4D5D0DEFDDBBFC66F855703927E60C7706@qq.com

TINYCHANGE
---
 lisp/ob-latex.el | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lisp/ob-latex.el b/lisp/ob-latex.el
index 428907a27..a0154bf26 100644
--- a/lisp/ob-latex.el
+++ b/lisp/ob-latex.el
@@ -180,7 +180,7 @@ This function is called by `org-babel-execute-src-block'."
 	                     tmp-pdf
                              (list org-babel-latex-pdf-svg-process)
                              extension err-msg log-buf)))
-              (shell-command (format "mv %s %s" img-out out-file)))))
+              (rename-file img-out out-file t))))
          ((string-suffix-p ".tikz" out-file)
 	  (when (file-exists-p out-file) (delete-file out-file))
 	  (with-temp-file out-file