Comment 2 for bug 163417

John Dong (jdong) wrote :

Right, as I noted in the original description, various escaping of the argument in the .desktop file fixes it for some filenames but still breaks for other file names, and is definitely open to intentional attacks. The real fix needs to be done in some more solid way...

I am thinking whether or not kdesu should just shell-escape its arguments. Kdesu should also have something similar to the GNU -- option to stop parsing for parameters and assume everything after -- is one large parameter. Is there any real use case for kdesu taking in bourne shell syntax?
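
The difference between ad hoc quoting and full shell-escaping of one argument, as an added example that is not part of the original comment and is not kdesu code. It assumes the launcher hands a single command string to `sh -c`; the function names and sample file names are constructed for illustration.

```shell
#!/bin/sh
# Added example (not kdesu code). Assumption: the launcher passes one command
# string to `sh -c`, so the file name is parsed as Bourne shell syntax.

# shell_quote ARG: print ARG as one single-quoted shell word. Every embedded
# single quote becomes '\'' (close quote, escaped quote, reopen quote).
shell_quote() {
    sq_rest=$1
    sq_out=
    while :; do
        case $sq_rest in
            *\'*)
                sq_head=${sq_rest%%\'*}      # text before the first quote
                sq_rest=${sq_rest#*\'}       # text after the first quote
                sq_out="$sq_out$sq_head'\\''"
                ;;
            *)
                sq_out="$sq_out$sq_rest"
                break
                ;;
        esac
    done
    printf "'%s'" "$sq_out"
}

# child_sees WORD: let a child shell parse WORD and report "<argc>:<argv1>".
child_sees() {
    sh -c "set -- $1; printf '%s:%s' \"\$#\" \"\$1\"" 2>/dev/null
}

# Ad hoc fix: wrap the name in double quotes, as a .desktop Exec line might.
naive_roundtrip() { child_sees "\"$1\""; }

# Full escaping: the child receives exactly one argument, byte for byte.
quoted_roundtrip() { child_sees "$(shell_quote "$1")"; }

# Constructed sample file names.
for name in 'plain.txt' 'two words.txt' "it's \$(echo x) \"q\".txt"; do
    printf 'naive:  %s\nquoted: %s\n' \
        "$(naive_roundtrip "$name")" "$(quoted_roundtrip "$name")"
done
```

The double-quoted form survives spaces but still lets the child shell expand the third name, while the single-quoted form returns it unchanged.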