#2604: compile-messages.py fails on win32
----------------------------------+-----------------------------------------
 Reporter:  Jarosław Zabiełło     |        Owner:  hugo
     Type:  defect                |       Status:  new
 Priority:  normal                |    Milestone:
Component:  Internationalization  |      Version:  SVN
 Severity:  normal                |   Resolution:
 Keywords:  win32 i18n            |
----------------------------------+-----------------------------------------
Comment (by ubernostrum):

 Your suggested patch is how it actually used to be, except that creates a
 security vulnerability; a malicious user with knowledge of how most shells
 work could -- if you didn't pay attention to the name of the file you were
 compiling -- cause arbitrary shell commands to be executed by giving the
 file a creative name. See this entry in the official Django blog for
 details: http://www.djangoproject.com/weblog/2006/aug/16/compilemessages/.

 The correct solution here is to check which platform we're on and use that
 to determine whether variables are referenced using a dollar sign (for
 Unix) or a percent sign (for Windows).

--
Ticket URL: <http://code.djangoproject.com/ticket/2604>
Django <http://code.djangoproject.org/>
The web framework for perfectionists with deadlines.
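
Added example (not part of the ticket or of Django's code): a Python sketch of the approach the comment describes, with the file name passed through an environment variable that the command text only references, next to the interpolated form it replaces. The variable name PO_FILE, the printf stand-in for msgfmt, and the constructed file name are assumptions; the demonstration run uses a Unix shell.

```python
import os
import subprocess
import sys

# Stand-in for msgfmt so the example runs without gettext installed
# (assumption): it prints the single argument the shell hands to it.
TOOL = "printf '%s\\n'"

# Constructed sample: a file name carrying a harmless command substitution.
CREATIVE_NAME = "django$(echo INJECTED).po"


def var_ref(name, platform=sys.platform):
    """Return the shell syntax that references an environment variable."""
    if platform == "win32":
        return "%" + name + "%"   # cmd.exe style
    return "$" + name             # Unix shell style


def run_interpolated(po_path):
    """'Before' form: the file name becomes part of the command text,
    so the shell parses whatever the name contains."""
    cmd = '%s "%s"' % (TOOL, po_path)
    done = subprocess.run(cmd, shell=True, capture_output=True, text=True)
    return done.stdout.strip()


def run_via_environment(po_path):
    """Form described in the comment: the command text is constant and the
    file name travels in the environment (PO_FILE is a hypothetical name)."""
    env = dict(os.environ, PO_FILE=po_path)
    cmd = '%s "%s"' % (TOOL, var_ref("PO_FILE"))
    done = subprocess.run(cmd, shell=True, env=env,
                          capture_output=True, text=True)
    return done.stdout.strip()


if __name__ == "__main__":
    # The interpolated form lets the shell evaluate the substitution.
    print("interpolated:", run_interpolated(CREATIVE_NAME))
    # The environment form delivers the name byte for byte.
    print("environment: ", run_via_environment(CREATIVE_NAME))
```

The expanded value of a quoted variable reference is not parsed again by the Unix shell, which is why the second form hands the name to the tool unchanged.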