On Thu, Mar 7, 2013 at 1:04 PM, Νίκος Γκρ33κ <nikos.gr...@gmail.com> wrote:
> On Thursday, March 7, 2013 9:36:33 PM UTC+2, user Joel Goldstick wrote:
>
>>  So, I see you fixed the problem.  How?
>
> Apart from appearing ugly it's not causing any more trouble (other than some
> issues that I have fixed), so I will just do:
>
>         os.system( 'python %s > %s' % (htmlpage, temp) )
>         f = open( temp )
>         htmldata = f.read()
>         htmldata = htmldata.replace( 'Content-type: text/html; charset=utf-8', '' )

If htmlpage is being pulled from the HTTP request as I think it is,
then you have a code injection vulnerability here.  Think what could
happen if htmlpage were something like this:

-c ''; rm -rf /; oops.py
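An added example, not code from either poster in this thread: `shell_view` shows, without running anything, how `/bin/sh` would split the `os.system()` string from the quoted code, and `render_page` is one way to run the script without a shell. The names `shell_view`, `render_page` and `script_dir` are hypothetical, and the sketch assumes Python 3.8+ and that every page is a `.py` file sitting directly in one directory.

```python
import os
import shlex
import subprocess
import sys

# The value from the reply above, used only as a string; nothing here executes it.
PAYLOAD = "-c ''; rm -rf /; oops.py"

def shell_view(htmlpage, temp):
    """Split the os.system() string from the quoted code the way /bin/sh would,
    returning one argv list per ';'-separated command. Nothing is run."""
    lexer = shlex.shlex('python %s > %s' % (htmlpage, temp),
                        posix=True, punctuation_chars=True)
    lexer.whitespace_split = True
    commands, current = [], []
    for token in lexer:
        if token == ';':
            commands.append(current)
            current = []
        else:
            current.append(token)
    commands.append(current)
    return commands

def render_page(htmlpage, script_dir):
    """Hypothetical replacement: run one .py file located directly in script_dir
    and return its stdout, without a shell."""
    base = os.path.realpath(script_dir)
    target = os.path.realpath(os.path.join(base, htmlpage))
    # The resolved path must be an existing .py file sitting directly in base.
    if (os.path.dirname(target) != base or not target.endswith('.py')
            or not os.path.isfile(target)):
        raise ValueError('refusing to run %r' % (htmlpage,))
    # argv list, shell=False: each element is one argument, and because target
    # is an absolute path it cannot be read by the interpreter as an option.
    result = subprocess.run([sys.executable, target], stdout=subprocess.PIPE,
                            check=True, timeout=10)
    return result.stdout.decode('utf-8')

if __name__ == '__main__':
    for argv in shell_view(PAYLOAD, '/tmp/out'):
        print(argv)
```

Dropping the shell alone is not enough here: with an argv list the value could still reach the interpreter as its `-c` option, which is why `render_page` passes only a resolved absolute path.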