summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorFlorent Le Coz <louiz@louiz.org>2012-07-05 00:49:00 +0200
committerFlorent Le Coz <louiz@louiz.org>2012-07-05 00:50:47 +0200
commitd47c31a58748d6cfc52c893eaf39d5412cba1f84 (patch)
treec7017b92a9011a4b5fcf75541ac079f43d1c4d86 /src
parent73b8addafe654077b80b33e8f200c33ec671d2ee (diff)
downloadpoezio-d47c31a58748d6cfc52c893eaf39d5412cba1f84.tar.gz
poezio-d47c31a58748d6cfc52c893eaf39d5412cba1f84.tar.bz2
poezio-d47c31a58748d6cfc52c893eaf39d5412cba1f84.tar.xz
poezio-d47c31a58748d6cfc52c893eaf39d5412cba1f84.zip
Properly quote the %(body)s and %(from)s used in the simple_notify plugin.
Diffstat (limited to 'src')
-rwxr-xr-xsrc/daemon.py14
1 files changed, 7 insertions, 7 deletions
diff --git a/src/daemon.py b/src/daemon.py
index bd6dbd85..5d8c9fab 100755
--- a/src/daemon.py
+++ b/src/daemon.py
@@ -29,19 +29,19 @@ log = logging.getLogger(__name__)
class Executor(threading.Thread):
"""
- Just a class to execute commands in a thread.
- This way, the execution can totally fail, we don’t care,
- and we can start commands without having to wait for them
- to return
+ Just a class to execute commands in a thread. This way, the execution
+ can totally fail, we don’t care, and we can start commands without
+ having to wait for them to return.
+ WARNING: Be careful to properly escape what is untrusted by using
+ pipes.quote (or shlex.quote with python 3.3) for example.
"""
def __init__(self, command):
threading.Thread.__init__(self)
self.command = command
def run(self):
- log.info('executing %s' % (self.command.strip(),))
- command = shlex.split('sh -c "%s"' % self.command)
- subprocess.call(command)
+ log.info('executing %s' % (self.command,))
+ subprocess.call(['sh', '-c', self.command])
def main():
while True: