Τη Πέμπτη, 7 Μαρτίου 2013 10:15:11 μ.μ. UTC+2, ο χρήστης Ian έγραψε: > On Thu, Mar 7, 2013 at 1:04 PM, Νίκος Γκρ33κ <nikos.gr...@gmail.com> wrote: > > > Τη Πέμπτη, 7 Μαρτίου 2013 9:36:33 μ.μ. UTC+2, ο χρήστης Joel Goldstick > > έγραψε: > > > > > >> So, I see you fixed the problem. How? > > > > > > Apart from appearing ugly its not causing any more trouble(other than some > > issues that i have fixed), so i will just d: > > > > > > os.system( 'python %s > %s' % (htmlpage, temp) ) > > > f = open( temp ) > > > htmldata = f.read() > > > htmldata = htmldata.replace( 'Content-type: text/html; > > charset=utf-8', '' ) > > > > If htmlpage is being pulled from the HTTP request as I think it is, > > then you have a code injection vulnerability here. Think what could > > happen if htmlpage were something like this: > > > > -c ''; rm -rf /; oops.py
Yes its being pulled by http request! But please try to do it, i dont think it will work! -- http://mail.python.org/mailman/listinfo/python-list
