diff options
| author | Florent Le Coz <louiz@louiz.org> | 2012-07-05 00:49:00 +0200 |
|---|---|---|
| committer | Florent Le Coz <louiz@louiz.org> | 2012-07-05 00:50:47 +0200 |
| commit | d47c31a58748d6cfc52c893eaf39d5412cba1f84 (patch) | |
| tree | c7017b92a9011a4b5fcf75541ac079f43d1c4d86 /src | |
| parent | 73b8addafe654077b80b33e8f200c33ec671d2ee (diff) | |
| download | poezio-d47c31a58748d6cfc52c893eaf39d5412cba1f84.tar.gz poezio-d47c31a58748d6cfc52c893eaf39d5412cba1f84.tar.bz2 poezio-d47c31a58748d6cfc52c893eaf39d5412cba1f84.tar.xz poezio-d47c31a58748d6cfc52c893eaf39d5412cba1f84.zip | |
Properly quote the %(body)s and %(from)s used in the simple_notify plugin.
Diffstat (limited to 'src')
| -rwxr-xr-x | src/daemon.py | 14 |
1 files changed, 7 insertions, 7 deletions
diff --git a/src/daemon.py b/src/daemon.py index bd6dbd85..5d8c9fab 100755 --- a/src/daemon.py +++ b/src/daemon.py @@ -29,19 +29,19 @@ log = logging.getLogger(__name__) class Executor(threading.Thread): """ - Just a class to execute commands in a thread. - This way, the execution can totally fail, we don’t care, - and we can start commands without having to wait for them - to return + Just a class to execute commands in a thread. This way, the execution + can totally fail, we don’t care, and we can start commands without + having to wait for them to return. + WARNING: Be careful to properly escape what is untrusted by using + pipes.quote (or shlex.quote with python 3.3) for example. """ def __init__(self, command): threading.Thread.__init__(self) self.command = command def run(self): - log.info('executing %s' % (self.command.strip(),)) - command = shlex.split('sh -c "%s"' % self.command) - subprocess.call(command) + log.info('executing %s' % (self.command,)) + subprocess.call(['sh', '-c', self.command]) def main(): while True: |