diff options
author | Fred Drake <fdrake@acm.org> | 2002-01-07 15:29:01 +0000 |
---|---|---|
committer | Fred Drake <fdrake@acm.org> | 2002-01-07 15:29:01 +0000 |
commit | 925f14427416c1c5a8c6e71d17daac20e248c7b0 (patch) | |
tree | c6768b98f2889a81f7f402f397d15ec9bdf42bfb | |
parent | ca3b2ffbb90d107476397689243da9d4d8b47286 (diff) | |
download | cpython-git-925f14427416c1c5a8c6e71d17daac20e248c7b0.tar.gz |
Fix webbrowser.py security bug: be more careful about what we pass to
os.system().
This closes Python bug #500401, Debian bug #127507.
-rw-r--r-- | Lib/webbrowser.py | 27 |
1 files changed, 15 insertions, 12 deletions
diff --git a/Lib/webbrowser.py b/Lib/webbrowser.py index d05c18b451..58ed28ad8e 100644 --- a/Lib/webbrowser.py +++ b/Lib/webbrowser.py @@ -98,6 +98,7 @@ class GenericBrowser: self.basename = os.path.basename(self.name) def open(self, url, new=0, autoraise=1): + assert "'" not in url command = "%s %s" % (self.name, self.args) os.system(command % url) @@ -148,7 +149,8 @@ class Konqueror: self.name = self.basename = "kfm" def _remote(self, action): - cmd = "kfmclient %s >/dev/null 2>&1" % action + assert "'" not in action + cmd = "kfmclient '%s' >/dev/null 2>&1" % action rc = os.system(cmd) if rc: import time @@ -163,7 +165,7 @@ class Konqueror: def open(self, url, new=1, autoraise=1): # XXX Currently I know no way to prevent KFM from # opening a new win. - self._remote("openURL %s" % url) + self._remote("openURL '%s'" % url) open_new = open @@ -238,26 +240,26 @@ if os.environ.get("TERM") or os.environ.get("DISPLAY"): if os.environ.get("TERM"): # The Links browser <http://artax.karlin.mff.cuni.cz/~mikulas/links/> if _iscommand("links"): - register("links", None, GenericBrowser("links %s")) + register("links", None, GenericBrowser("links '%s'")) # The Lynx browser <http://lynx.browser.org/> if _iscommand("lynx"): - register("lynx", None, GenericBrowser("lynx %s")) + register("lynx", None, GenericBrowser("lynx '%s'")) # The w3m browser <http://ei5nazha.yz.yamagata-u.ac.jp/~aito/w3m/eng/> if _iscommand("w3m"): - register("w3m", None, GenericBrowser("w3m %s")) + register("w3m", None, GenericBrowser("w3m '%s'")) # X browsers have more in the way of options if os.environ.get("DISPLAY"): # First, the Netscape series - if _iscommand("netscape") or _iscommand("mozilla"): - if _iscommand("mozilla"): - register("mozilla", None, Netscape("mozilla")) - if _iscommand("netscape"): - register("netscape", None, Netscape("netscape")) + if _iscommand("mozilla"): + register("mozilla", None, Netscape("mozilla")) + if _iscommand("netscape"): + register("netscape", None, Netscape("netscape")) # Next, Mosaic -- old but still in use. if _iscommand("mosaic"): - register("mosaic", None, GenericBrowser("mosaic %s >/dev/null &")) + register("mosaic", None, GenericBrowser( + "mosaic '%s' >/dev/null &")) # Konqueror/kfm, the KDE browser. if _iscommand("kfm") or _iscommand("konqueror"): @@ -318,7 +320,8 @@ if os.environ.has_key("BROWSER"): for cmd in _tryorder: if not _browsers.has_key(cmd.lower()): if _iscommand(cmd.lower()): - register(cmd.lower(), None, GenericBrowser("%s %%s" % cmd.lower())) + register(cmd.lower(), None, GenericBrowser( + "%s '%%s'" % cmd.lower())) _tryorder = filter(lambda x: _browsers.has_key(x.lower()) or x.find("%s") > -1, _tryorder) |