1. Armin Rigo
  2. cpython-withatomic

Commits

Fred Drake  committed a911934

Fix webbrowser.py security bug: be more careful about what we pass to
os.system().
This closes Python bug #500401, Debian bug #127507.

  • Participants
  • Parent commits 22dad9f
  • Branches 2.1

Comments (0)

Files changed (1)

File Lib/webbrowser.py

View file
  • Ignore whitespace
         self.basename = os.path.basename(self.name)
 
     def open(self, url, new=0, autoraise=1):
+        assert "'" not in url
         command = "%s %s" % (self.name, self.args)
         os.system(command % url)
 
             self.name = self.basename = "kfm"
 
     def _remote(self, action):
-        cmd = "kfmclient %s >/dev/null 2>&1" % action
+        assert "'" not in action
+        cmd = "kfmclient '%s' >/dev/null 2>&1" % action
         rc = os.system(cmd)
         if rc:
             import time
     def open(self, url, new=1, autoraise=1):
         # XXX Currently I know no way to prevent KFM from
         # opening a new win.
-        self._remote("openURL %s" % url)
+        self._remote("openURL '%s'" % url)
 
     open_new = open
 
     if os.environ.get("TERM"):
         # The Links browser <http://artax.karlin.mff.cuni.cz/~mikulas/links/>
         if _iscommand("links"):
-            register("links", None, GenericBrowser("links %s"))
+            register("links", None, GenericBrowser("links '%s'"))
         # The Lynx browser <http://lynx.browser.org/>
         if _iscommand("lynx"):
-            register("lynx", None, GenericBrowser("lynx %s"))
+            register("lynx", None, GenericBrowser("lynx '%s'"))
         # The w3m browser <http://ei5nazha.yz.yamagata-u.ac.jp/~aito/w3m/eng/>
         if _iscommand("w3m"):
-            register("w3m", None, GenericBrowser("w3m %s"))
+            register("w3m", None, GenericBrowser("w3m '%s'"))
 
     # X browsers have more in the way of options
     if os.environ.get("DISPLAY"):
         # First, the Netscape series
-        if _iscommand("netscape") or _iscommand("mozilla"):
-            if _iscommand("mozilla"):
-                register("mozilla", None, Netscape("mozilla"))
-            if _iscommand("netscape"):
-                register("netscape", None, Netscape("netscape"))
+        if _iscommand("mozilla"):
+            register("mozilla", None, Netscape("mozilla"))
+        if _iscommand("netscape"):
+            register("netscape", None, Netscape("netscape"))
 
         # Next, Mosaic -- old but still in use.
         if _iscommand("mosaic"):
-            register("mosaic", None, GenericBrowser("mosaic %s >/dev/null &"))
+            register("mosaic", None, GenericBrowser(
+                "mosaic '%s' >/dev/null &"))
 
         # Konqueror/kfm, the KDE browser.
         if _iscommand("kfm") or _iscommand("konqueror"):
 for cmd in _tryorder:
     if not _browsers.has_key(cmd.lower()):
         if _iscommand(cmd.lower()):
-            register(cmd.lower(), None, GenericBrowser("%s %%s" % cmd.lower()))
+            register(cmd.lower(), None, GenericBrowser(
+                "%s '%%s'" % cmd.lower()))
 
 _tryorder = filter(lambda x: _browsers.has_key(x.lower())
                    or x.find("%s") > -1, _tryorder)