author | Andy Spencer <andy753421@gmail.com> | 2009-11-23 11:24:10 +0000 |
---|---|---|
committer | Andy Spencer <andy753421@gmail.com> | 2009-11-23 12:46:36 +0000 |
commit | bf33a2b30a69c7603db98f16542dd90a61e9c056 (patch) | |
tree | 5a109b68c1d8a148949c01f56cfacc3898195ea7 /examples/data/uzbl/scripts/scheme.py | |
parent | 3f1735f443f8812c7ee260ea464ca538b497c99b (diff) |
Fix security holes
* Please be careful when using eval, you rarely need it.
* There might be more issues, I haven't checked any of the bigger python
scripts, plugins, or the C code.
Signed-off-by: Andy Spencer <andy753421@gmail.com>
Diffstat (limited to 'examples/data/uzbl/scripts/scheme.py')
-rwxr-xr-x | examples/data/uzbl/scripts/scheme.py | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/examples/data/uzbl/scripts/scheme.py b/examples/data/uzbl/scripts/scheme.py
index 7286703..0916466 100755
--- a/examples/data/uzbl/scripts/scheme.py
+++ b/examples/data/uzbl/scripts/scheme.py
@@ -16,8 +16,9 @@ if __name__ == '__main__':
 uri = sys.argv[8]
 u = urlparse.urlparse(uri)
 if u.scheme == 'mailto':
- detach_open(['xterm', '-e', 'mail %s' % u.path])
+ detach_open(['xterm', '-e', 'mail', u.path])
 elif u.scheme == 'xmpp':
+ # Someone check for safe arguments to gajim-remote
 detach_open(['gajim-remote', 'open_chat', uri])
 elif u.scheme == 'git':
- detach_open(['git', 'clone', uri], cwd=os.path.expanduser('~/src'))
+ detach_open(['git', 'clone', '--', uri], cwd=os.path.expanduser('~/src')) |
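Review bot: In the mailto branch a `u.path` that begins with `-` is still read by `mail` as an option rather than a recipient, because the new argv form gets no `--` the way the `git clone` line does. Reject such a value before launching, e.g. `if u.path.startswith('-'): sys.exit(1)`, or pass `'mail', '--', u.path` if the installed `mail` honours the end-of-options marker (this page does not show which implementation is used). The xmpp and git branches pass the whole `uri`, which starts with the scheme name, so the leading-dash case looks less reachable there. The added gajim-remote comment would be easier to act on as `# TODO: confirm gajim-remote treats uri strictly as data`. The `if __name__ == '__main__':` block starts above the hunk, so how `sys.argv[8]` is populated is not visible here.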