[issue24778] mailcap.findmatch() ........ Shell Command Injection in filename
Bernd Dietzel
report at bugs.python.org
Sun Aug 2 12:16:11 CEST 2015
Bernd Dietzel added the comment:
Maybe it would be a good idea to do as run-mailcap does:
theregrunner at mint17 : ~ € run-mailcap --debug "';xterm;#'.txt"
- parsing parameter "';xterm;#'.txt"
- Reading mime.types file "/etc/mime.types"...
- extension "txt" maps to mime-type "text/plain"
- Reading mailcap file "/etc/mailcap"...
Processing file "';xterm;#'.txt" of type "text/plain" (encoding=none)...
- checking mailcap entry "text/plain; less '%s'; needsterminal"
- program to execute: less '%s'
- filename contains shell meta-characters; aliased to '/tmp/fileV7f2MZ'
- executing: less '/tmp/fileV7f2MZ'
theregrunner at mint17 : ~ €
----------
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue24778>
_______________________________________
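
The aliasing step visible in the run-mailcap debug output above, sketched in Python as an added example (not code from the post, from run-mailcap, or from CPython). The function names, the allow-list of safe characters and the use of a symlink inside a private temporary directory are assumptions of this sketch.

```python
import os
import re
import shutil
import tempfile

# Allow-list of characters treated as shell-safe. This set is an assumption of
# the example; the post does not show which characters run-mailcap checks.
SAFE_NAME = re.compile(r"[A-Za-z0-9_./+,:@-]+\Z")


def alias_if_unsafe(filename):
    """Return (path, alias): alias is None when filename is already safe."""
    # A leading "-" is also rejected so the viewer cannot read it as an option.
    if SAFE_NAME.match(filename) and not filename.startswith("-"):
        return filename, None
    # A private 0700 directory from mkdtemp avoids races on the alias name.
    tmpdir = tempfile.mkdtemp(prefix="mailcap-")
    alias = os.path.join(tmpdir, "file")
    if not SAFE_NAME.match(alias):  # e.g. an unusual TMPDIR
        os.rmdir(tmpdir)
        raise ValueError("temporary directory path is not shell-safe")
    # The hostile name is stored only as the link target, never put in a command.
    os.symlink(os.path.abspath(filename), alias)
    return alias, alias


def build_command(template, filename):
    """Fill %s in a mailcap command template; return (command, alias)."""
    path, alias = alias_if_unsafe(filename)
    return template.replace("%s", path), alias


def cleanup(alias):
    """Remove the alias directory once the viewer has exited."""
    if alias is not None:
        shutil.rmtree(os.path.dirname(alias))


if __name__ == "__main__":
    # File name and mailcap entry taken from the run-mailcap session in the post.
    cmd, alias = build_command("less '%s'", "';xterm;#'.txt")
    print(cmd)
    cleanup(alias)
```

The caller runs the returned command and then calls cleanup(alias); the original file is never renamed or copied.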