Bernd Dietzel added the comment: My patch for mailcap.py. Please check and apply my patch please.
1) I have removed the os.system() calls for security reasons. 2) New "findmtach_list()" function witch returns the commandline as a [list] witch can be passed to subprocess instead of passing it to os.system(). 3) New run() function to execute the cmd_list with subprocess. 4) The test() function now uses findmatch_list() and run() instead of the old findmatch() and os.system() calls. 5) The subst() function is now shorter an does a quote(filename) when its replacing %s with a filename. 6) The "old" findmatch() function is still there if the user still likes to have the commandline as a "string". Attention ! With this old findmatch() function it's still possible that a shell command in the filename like '$(ls).txt' will be executed when the users passes the string to os.system() outside the mailcap script. Use findmatch() only for backwards compatibility. 7) Use the new findmatch_list() an run() for future projects. 8) Add 1)-7) to the docs Thank you. ---------- Added file: http://bugs.python.org/file40897/mailcap patch.zip _______________________________________ Python tracker <rep...@bugs.python.org> <http://bugs.python.org/issue24778> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
