From f7eeee9955f99d4acbfc90c7dc00b50767a15e07 Mon Sep 17 00:00:00 2001
From: Mason Larobina
Date: Tue, 24 Nov 2009 21:09:36 +0800
Subject: Fixed extreme security hole in scheme.py allowing arbitrary command execution on the users pc.
---
examples/data/uzbl/scripts/scheme.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'examples/data/uzbl/scripts')
diff --git a/examples/data/uzbl/scripts/scheme.py b/examples/data/uzbl/scripts/scheme.py
index 7286703..a54476f 100755
--- a/examples/data/uzbl/scripts/scheme.py
+++ b/examples/data/uzbl/scripts/scheme.py
@@ -16,7 +16,7 @@ if __name__ == '__main__':
 uri = sys.argv[8]
 u = urlparse.urlparse(uri)
 if u.scheme == 'mailto':
- detach_open(['xterm', '-e', 'mail %s' % u.path])
+ detach_open(['xterm', '-e', 'mail %r' % u.path])
 elif u.scheme == 'xmpp':
 detach_open(['gajim-remote', 'open_chat', uri])
 elif u.scheme == 'git':
-- cgit v1.2.3
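Review bot: `%r` on the changed `detach_open` line applies Python `repr()` quoting, not shell quoting, so the single string handed to `xterm -e` can still be interpreted by a shell in ways the author did not intend. `repr()` switches to double-quote delimiters when the value contains a single quote, and its backslash escapes are not honoured inside shell single quotes. Since `uri` is taken from `sys.argv[8]` and is presumably controlled by the page being browsed, the safer form drops the command string and passes the address as its own argument, `detach_open(['xterm', '-e', 'mail', u.path])`. It would also be worth rejecting a `u.path` that begins with `-`, so that `mail` cannot read it as an option. The `if __name__ == '__main__':` block starts before this hunk and continues past it, so the remaining scheme branches are not covered by this note.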