An error when i switched from python v2.6.6 => v3.2.3
Ian Kelly
ian.g.kelly at gmail.com
Thu Mar 7 15:15:11 EST 2013
On Thu, Mar 7, 2013 at 1:04 PM, Νίκος Γκρ33κ <nikos.gr33k at gmail.com> wrote:
> Τη Πέμπτη, 7 Μαρτίου 2013 9:36:33 μ.μ. UTC+2, ο χρήστης Joel Goldstick έγραψε:
>
>> So, I see you fixed the problem. How?
>
> Apart from appearing ugly its not causing any more trouble(other than some issues that i have fixed), so i will just d:
>
> os.system( 'python %s > %s' % (htmlpage, temp) )
> f = open( temp )
> htmldata = f.read()
> htmldata = htmldata.replace( 'Content-type: text/html; charset=utf-8', '' )
If htmlpage is being pulled from the HTTP request as I think it is,
then you have a code injection vulnerability here. Think what could
happen if htmlpage were something like this:
-c ''; rm -rf /; oops.py
More information about the Python-list
mailing list