An error when I switched from Python v2.6.6 => v3.2.3

Νίκος Γκρ33κ nikos.gr33k at gmail.com
Thu Mar 7 19:57:30 EST 2013


On Thursday, 7 March 2013 10:15:11 PM UTC+2, user Ian wrote:
> On Thu, Mar 7, 2013 at 1:04 PM, Νίκος Γκρ33κ <nikos.gr33k at gmail.com> wrote:
> > On Thursday, 7 March 2013 9:36:33 PM UTC+2, user Joel Goldstick wrote:
> >
> >>  So, I see you fixed the problem.  How?
> >
> > Apart from appearing ugly it's not causing any more trouble (other than some issues that I have fixed), so I will just d:
> >
> >         os.system( 'python %s > %s' % (htmlpage, temp) )
> >         f = open( temp )
> >         htmldata = f.read()
> >         htmldata = htmldata.replace( 'Content-type: text/html; charset=utf-8', '' )
>
> If htmlpage is being pulled from the HTTP request as I think it is,
> then you have a code injection vulnerability here.  Think what could
> happen if htmlpage were something like this:
>
> -c ''; rm -rf /; oops.py

Yes, it's being pulled by HTTP request!

But please try to do it, I don't think it will work!
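
Added example, not part of the original message or the poster's code: `shell_commands` shows, without executing anything, how a POSIX shell splits the `os.system` string from the quoted snippet, and `render_page` is one hardened replacement that validates the request value and runs the script with an argv list instead of a shell. `PAGES_DIR`, the function names and the sample value are assumptions made for illustration.

```python
import shlex
import subprocess
import sys
from pathlib import Path

PAGES_DIR = Path("/var/www/pages")  # assumption: hypothetical directory of page scripts


def shell_commands(command_line):
    """Split a line into the separate commands a POSIX shell would see (runs nothing)."""
    lexer = shlex.shlex(command_line, posix=True, punctuation_chars=True)
    commands, current = [], []
    for token in lexer:
        if token in (";", "&", "&&", "|", "||"):
            if current:
                commands.append(current)
            current = []
        else:
            current.append(token)
    if current:
        commands.append(current)
    return commands


def resolve_page(htmlpage, pages_dir=PAGES_DIR):
    """Map a request value to an existing .py file inside pages_dir, else ValueError."""
    base = Path(pages_dir).resolve()
    candidate = (base / htmlpage).resolve()
    inside = base in candidate.parents
    if not (inside and candidate.suffix == ".py" and candidate.is_file()):
        raise ValueError("page not allowed: %r" % (htmlpage,))
    return candidate


def render_page(htmlpage, pages_dir=PAGES_DIR):
    """Run the page script with an argv list (no shell) and return its output."""
    script = resolve_page(htmlpage, pages_dir)
    result = subprocess.run([sys.executable, str(script)],
                            capture_output=True, text=True, timeout=10, check=True)
    return result.stdout.replace("Content-type: text/html; charset=utf-8", "")


if __name__ == "__main__":
    # Constructed, harmless stand-in for the request value quoted in the thread.
    htmlpage = "-c ''; echo INJECTED; oops.py"
    line = "python %s > %s" % (htmlpage, "/tmp/out.html")
    for argv in shell_commands(line):
        print(argv)  # three separate commands, not one python invocation
```

Because the script path is resolved to an absolute path and passed as a single argv element, it cannot be interpreted as an interpreter option or as shell syntax.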


