diff options
author | Mason Larobina <mason.larobina@gmail.com> | 2009-11-24 21:09:36 +0800 |
---|---|---|
committer | Mason Larobina <mason.larobina@gmail.com> | 2009-11-24 21:09:36 +0800 |
commit | f7eeee9955f99d4acbfc90c7dc00b50767a15e07 (patch) | |
tree | 4c223731cd246818385fa67ca404ac55224f117d /examples/data/uzbl/scripts | |
parent | 17fc947a49fd65adffd847628c4701e0bc10f965 (diff) |
Fixed extreme security hole in scheme.py allowing arbitrary command
execution on the users pc.
Diffstat (limited to 'examples/data/uzbl/scripts')
-rwxr-xr-x | examples/data/uzbl/scripts/scheme.py | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/examples/data/uzbl/scripts/scheme.py b/examples/data/uzbl/scripts/scheme.py index 7286703..a54476f 100755 --- a/examples/data/uzbl/scripts/scheme.py +++ b/examples/data/uzbl/scripts/scheme.py @@ -16,7 +16,7 @@ if __name__ == '__main__': uri = sys.argv[8] u = urlparse.urlparse(uri) if u.scheme == 'mailto': - detach_open(['xterm', '-e', 'mail %s' % u.path]) + detach_open(['xterm', '-e', 'mail %r' % u.path]) elif u.scheme == 'xmpp': detach_open(['gajim-remote', 'open_chat', uri]) elif u.scheme == 'git': |