Fixed extreme security hole in scheme.py allowing arbitrary command

execution on the users pc.
author: Mason Larobina <mason.larobina@gmail.com> 2009-11-24 21:09:36 +0800
committer: Mason Larobina <mason.larobina@gmail.com> 2009-11-24 21:09:36 +0800
commit: f7eeee9955f99d4acbfc90c7dc00b50767a15e07 (patch)
tree: 4c223731cd246818385fa67ca404ac55224f117d /examples/data/uzbl/scripts
parent: 17fc947a49fd65adffd847628c4701e0bc10f965 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/examples/data/uzbl/scripts/scheme.py b/examples/data/uzbl/scripts/scheme.py
index 7286703..a54476f 100755
--- a/examples/data/uzbl/scripts/scheme.py
+++ b/examples/data/uzbl/scripts/scheme.py
@@ -16,7 +16,7 @@ if __name__ == '__main__':
     uri = sys.argv[8]
     u = urlparse.urlparse(uri)
     if u.scheme == 'mailto':
-        detach_open(['xterm', '-e', 'mail %s' % u.path])
+        detach_open(['xterm', '-e', 'mail %r' % u.path])
     elif u.scheme == 'xmpp':
         detach_open(['gajim-remote', 'open_chat', uri])
     elif u.scheme == 'git':
author	Mason Larobina <mason.larobina@gmail.com>	2009-11-24 21:09:36 +0800
committer	Mason Larobina <mason.larobina@gmail.com>	2009-11-24 21:09:36 +0800
commit	f7eeee9955f99d4acbfc90c7dc00b50767a15e07 (patch)
tree	4c223731cd246818385fa67ca404ac55224f117d /examples/data/uzbl/scripts
parent	17fc947a49fd65adffd847628c4701e0bc10f965 (diff)