Photoshop CS Help Menu - a script and a warning

Oct 22, '04 11:07:00AM

Contributed by: orpy

Adobe Photoshop CS has a feature that allows you to make your own "Howto" Help menu items. If you've got CS and would like to know more about how to do this, click this link. I thought that it might be interesting to add some menu items that link to hints and tips on my own site. Replacing the existing .howto file would be too risky if the client had already customised the file. So an AppleScript that appended the file was a better option.

Read the rest of the hint for the how-to ... along with a warning about a potential exposure using this added menu.

Here's the script:

set thePath to "/Applications/Adobe Photoshop CS/Help/Additional How To Content/Add_001.howto"

set m1 to "
\"Martin's Menus\" \"Open Photoshop Folder\" file:///Applications/Adobe%20Photoshop%20CS/" ¬
as Unicode text
set m2 to "
\"Martin's Menus\" \"Open Plug-Ins Folder\" file:///Applications/Adobe%20Photoshop%20CS/Plug-Ins/" ¬
as Unicode text
set m3 to "
\"Martin's Menus\" \"Launch Terminal\" file:///Applications/Utilities/Terminal.app" ¬
as Unicode text
set m4 to "
\"Martin's Menus\" \"Visit Idea Web Site\" http://www.idea-digital.com/index.html" ¬
as Unicode text

set theHowto to POSIX file thePath as alias
open for access theHowto with write permission
write m1 & m2 & m3 & m4 to theHowto starting at eof
close access theHowto

display dialog ¬
"You need to restart Photoshop to use your new menu options." ¬
giving up after 6
Once Photoshop is restarted, you'll find a new menu optioin at the bottom of the Help menu which gives you another four options. One is a link to my web site, two are local folder links that will open the Photoshop folder and the Plug-Ins folder in the Finder. And with the script taking about half a second to run, you can see that it's very easy to send people your own customised menu settings :-). However, now we get to the warning.

The other option, "Launch Terminal," is a bit of a concern. Apple have had to patch their apps and the OS to stop applications like Safari or the Help Viewer from launching applications from URLs. But selecting this menu option will cause the Terminal to launch. And not only can you do that, but you can also do stuff like mount remote volumes by using "afp" URLs. So potentially, you could find yourself two clicks away from running a nasty piece of malware. I'm aware that you can find yourself in a similar situation when you click on a link in a mail client, for example. But, you normally get to see the link before you click -- which isn't the case here.

I've mentioned this to Adobe and I've posted a page about my concerns. If Adobe can restrict the URL schemes to "http:" and "file:" (but restricted to one designated folder only, perhaps?), this could be quite a useful way of accessing information from within the application.

Comments (2)


Mac OS X Hints
http://hints.macworld.com/article.php?story=20041022082806727