Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!

Photoshop CS Help Menu - a script and a warning Apps
Adobe Photoshop CS has a feature that allows you to make your own "Howto" Help menu items. If you've got CS and would like to know more about how to do this, click this link. I thought that it might be interesting to add some menu items that link to hints and tips on my own site. Replacing the existing .howto file would be too risky if the client had already customised the file. So an AppleScript that appended the file was a better option.

Read the rest of the hint for the how-to ... along with a warning about a potential exposure using this added menu.

Here's the script:
set thePath to "/Applications/Adobe Photoshop CS/Help/Additional How To Content/Add_001.howto"

set m1 to "
\"Martin's Menus\" \"Open Photoshop Folder\" file:///Applications/Adobe%20Photoshop%20CS/" 
as Unicode text
set m2 to "
\"Martin's Menus\" \"Open Plug-Ins Folder\" file:///Applications/Adobe%20Photoshop%20CS/Plug-Ins/" 
as Unicode text
set m3 to "
\"Martin's Menus\" \"Launch Terminal\" file:///Applications/Utilities/" 
as Unicode text
set m4 to "
\"Martin's Menus\" \"Visit Idea Web Site\"" 
as Unicode text

set theHowto to POSIX file thePath as alias
open for access theHowto with write permission
write m1 & m2 & m3 & m4 to theHowto starting at eof
close access theHowto

display dialog 
"You need to restart Photoshop to use your new menu options." 
giving up after 6
Once Photoshop is restarted, you'll find a new menu optioin at the bottom of the Help menu which gives you another four options. One is a link to my web site, two are local folder links that will open the Photoshop folder and the Plug-Ins folder in the Finder. And with the script taking about half a second to run, you can see that it's very easy to send people your own customised menu settings :-). However, now we get to the warning.

The other option, "Launch Terminal," is a bit of a concern. Apple have had to patch their apps and the OS to stop applications like Safari or the Help Viewer from launching applications from URLs. But selecting this menu option will cause the Terminal to launch. And not only can you do that, but you can also do stuff like mount remote volumes by using "afp" URLs. So potentially, you could find yourself two clicks away from running a nasty piece of malware. I'm aware that you can find yourself in a similar situation when you click on a link in a mail client, for example. But, you normally get to see the link before you click -- which isn't the case here.

I've mentioned this to Adobe and I've posted a page about my concerns. If Adobe can restrict the URL schemes to "http:" and "file:" (but restricted to one designated folder only, perhaps?), this could be quite a useful way of accessing information from within the application.
  • Currently 1.00 / 5
  • 1
  • 2
  • 3
  • 4
  • 5
  (1 vote cast)

Photoshop CS Help Menu - a script and a warning | 2 comments | Create New Account
Click here to return to the 'Photoshop CS Help Menu - a script and a warning' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
Photoshop CS Help Menu - a script and a warning
Authored by: momerath on Oct 23, '04 01:33:21AM

Look, if you have write access to programs on your HD and the ability to have a script executed like this (both of which are necessary to do what you're proposing), you don't need a silly little exploit like the one you're proposing to do bad things.

Sorry, but your "concerns" are about a non-issue.

[ Reply to This | # ]
Photoshop CS Help Menu - a script and a warning
Authored by: seann on Oct 24, '04 05:04:23PM

I agree.

Grandparent is over reacting and should calm down.

[ Reply to This | # ]