An error when i switched from python v2.6.6 => v3.2.3

Thu Mar 7 15:15:11 EST 2013

On Thu, Mar 7, 2013 at 1:04 PM, Νίκος Γκρ33κ <nikos.gr33k at gmail.com> wrote:
> Τη Πέμπτη, 7 Μαρτίου 2013 9:36:33 μ.μ. UTC+2, ο χρήστης Joel Goldstick έγραψε:
>
>>  So, I see you fixed the problem.  How?
>
> Apart from appearing ugly its not causing any more trouble(other than some issues that i have fixed), so i will just d:
>
>         os.system( 'python %s > %s' % (htmlpage, temp) )
>         f = open( temp )
>         htmldata = f.read()
>         htmldata = htmldata.replace( 'Content-type: text/html; charset=utf-8', '' )

If htmlpage is being pulled from the HTTP request as I think it is,
then you have a code injection vulnerability here.  Think what could
happen if htmlpage were something like this:

-c ''; rm -rf /; oops.py