subject:"\[issue24778\] mailcap.findmatch\: document shell command Injection danger in filename parameter"

[issue24778] mailcap.findmatch: document shell command Injection danger in filename parameter

2022-04-06 Thread STINNER Victor

STINNER Victor added the comment: In 2022, Python 3.11 still has the issue: vstinner@apu$ python3.11 -m mailcap Mailcap files: /home/vstinner/.mailcap /etc/mailcap (...) Mailcap entries: (...) text/html copiousoutput lineno 5 view/usr/bin/

[issue24778] mailcap.findmatch: document shell command Injection danger in filename parameter

2016-09-24 Thread Christian Heimes

Changes by Christian Heimes : -- versions: +Python 3.7 -Python 3.4 ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscrib

[issue24778] mailcap.findmatch: document shell command Injection danger in filename parameter

2015-10-29 Thread Bernd Dietzel

Bernd Dietzel added the comment: My patch for mailcap.py. Please check and apply my patch please. 1) I have removed the os.system() calls for security reasons. 2) New "findmtach_list()" function witch returns the commandline as a [list] witch can be passed to subprocess instead of passing it t

[issue24778] mailcap.findmatch: document shell command Injection danger in filename parameter

2015-08-05 Thread Bernd Dietzel

Bernd Dietzel added the comment: Thanks :-) As you may noticed i now choosed to use a random name made of the chars of "PYTHON" in BIG letters instead of small letters i used before. Thats because i do not want to get in trouble with the little "t" in %t wich is replaced by the subst function

[issue24778] mailcap.findmatch: document shell command Injection danger in filename parameter

2015-08-05 Thread R. David Murray

R. David Murray added the comment: Ah, that's a clever idea. -- ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe:

[issue24778] mailcap.findmatch: document shell command Injection danger in filename parameter

2015-08-05 Thread Bernd Dietzel

Bernd Dietzel added the comment: What i do is the last doc is like this : 1) Replace the filename with a random name 2) Run mailcap.findmatch() with the random name 3) If exists, replace the quote characters ' before and behind the random name with nothing. 4) Now the random name has no quoting

[issue24778] mailcap.findmatch: document shell command Injection danger in filename parameter

2015-08-05 Thread R. David Murray

R. David Murray added the comment: I have no idea what your code samples are trying to accomplish, I'm afraid, but that's not the kind of documentation I'm advocating anyway. -- title: mailcap.findmatch() Shell Command Injection in filename -> mailcap.findmatch: document she

[issue24778] mailcap.findmatch: document shell command Injection danger in filename parameter

[issue24778] mailcap.findmatch: document shell command Injection danger in filename parameter

[issue24778] mailcap.findmatch: document shell command Injection danger in filename parameter

[issue24778] mailcap.findmatch: document shell command Injection danger in filename parameter

[issue24778] mailcap.findmatch: document shell command Injection danger in filename parameter

[issue24778] mailcap.findmatch: document shell command Injection danger in filename parameter

[issue24778] mailcap.findmatch: document shell command Injection danger in filename parameter

7 matches

Site Navigation

Mail list logo

Footer information