summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorFred Drake <fdrake@acm.org>2002-01-07 15:29:01 +0000
committerFred Drake <fdrake@acm.org>2002-01-07 15:29:01 +0000
commit925f14427416c1c5a8c6e71d17daac20e248c7b0 (patch)
treec6768b98f2889a81f7f402f397d15ec9bdf42bfb
parentca3b2ffbb90d107476397689243da9d4d8b47286 (diff)
downloadcpython-git-925f14427416c1c5a8c6e71d17daac20e248c7b0.tar.gz
Fix webbrowser.py security bug: be more careful about what we pass to
os.system(). This closes Python bug #500401, Debian bug #127507.
-rw-r--r--Lib/webbrowser.py27
1 files changed, 15 insertions, 12 deletions
diff --git a/Lib/webbrowser.py b/Lib/webbrowser.py
index d05c18b451..58ed28ad8e 100644
--- a/Lib/webbrowser.py
+++ b/Lib/webbrowser.py
@@ -98,6 +98,7 @@ class GenericBrowser:
self.basename = os.path.basename(self.name)
def open(self, url, new=0, autoraise=1):
+ assert "'" not in url
command = "%s %s" % (self.name, self.args)
os.system(command % url)
@@ -148,7 +149,8 @@ class Konqueror:
self.name = self.basename = "kfm"
def _remote(self, action):
- cmd = "kfmclient %s >/dev/null 2>&1" % action
+ assert "'" not in action
+ cmd = "kfmclient '%s' >/dev/null 2>&1" % action
rc = os.system(cmd)
if rc:
import time
@@ -163,7 +165,7 @@ class Konqueror:
def open(self, url, new=1, autoraise=1):
# XXX Currently I know no way to prevent KFM from
# opening a new win.
- self._remote("openURL %s" % url)
+ self._remote("openURL '%s'" % url)
open_new = open
@@ -238,26 +240,26 @@ if os.environ.get("TERM") or os.environ.get("DISPLAY"):
if os.environ.get("TERM"):
# The Links browser <http://artax.karlin.mff.cuni.cz/~mikulas/links/>
if _iscommand("links"):
- register("links", None, GenericBrowser("links %s"))
+ register("links", None, GenericBrowser("links '%s'"))
# The Lynx browser <http://lynx.browser.org/>
if _iscommand("lynx"):
- register("lynx", None, GenericBrowser("lynx %s"))
+ register("lynx", None, GenericBrowser("lynx '%s'"))
# The w3m browser <http://ei5nazha.yz.yamagata-u.ac.jp/~aito/w3m/eng/>
if _iscommand("w3m"):
- register("w3m", None, GenericBrowser("w3m %s"))
+ register("w3m", None, GenericBrowser("w3m '%s'"))
# X browsers have more in the way of options
if os.environ.get("DISPLAY"):
# First, the Netscape series
- if _iscommand("netscape") or _iscommand("mozilla"):
- if _iscommand("mozilla"):
- register("mozilla", None, Netscape("mozilla"))
- if _iscommand("netscape"):
- register("netscape", None, Netscape("netscape"))
+ if _iscommand("mozilla"):
+ register("mozilla", None, Netscape("mozilla"))
+ if _iscommand("netscape"):
+ register("netscape", None, Netscape("netscape"))
# Next, Mosaic -- old but still in use.
if _iscommand("mosaic"):
- register("mosaic", None, GenericBrowser("mosaic %s >/dev/null &"))
+ register("mosaic", None, GenericBrowser(
+ "mosaic '%s' >/dev/null &"))
# Konqueror/kfm, the KDE browser.
if _iscommand("kfm") or _iscommand("konqueror"):
@@ -318,7 +320,8 @@ if os.environ.has_key("BROWSER"):
for cmd in _tryorder:
if not _browsers.has_key(cmd.lower()):
if _iscommand(cmd.lower()):
- register(cmd.lower(), None, GenericBrowser("%s %%s" % cmd.lower()))
+ register(cmd.lower(), None, GenericBrowser(
+ "%s '%%s'" % cmd.lower()))
_tryorder = filter(lambda x: _browsers.has_key(x.lower())
or x.find("%s") > -1, _tryorder)