-
-
Notifications
You must be signed in to change notification settings - Fork 60
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fix encoding issue when using subprocess in a2x #20
Conversation
Since AFAICT the only place that the returns of A side note on |
We can remove it so long as the python file that is linked has a shebang line. See:
May have been a slightly different story pre-3.3, but for 3.4+ (which asciidoc-py3 targets), we should be in the clear for "standard" python installations. Not sure how worth the quotation thing is leaving in given that Windows XP+ gives commands a max length of 8191 characters (though this is significantly less than the limit on unix-based systems (macOS has a limit of 262144 characters for example). |
As I read your references you still need to use the launcher, ie |
Looking back over them, yeah, it's not actually clear that you don't have to use the launcher (or |
For the quoting, I also do stuff on the Geany IDE and spawning processes on Windows is a real pain, in particular quoting seems to be variable, arcane, and version specific. 😠 My personal feeling is that its only necessary to support windows versions that are still in mainstream support for the consumer version, unless someone particularly contributes any needed support for an older version. (If Microsoft isn't supporting you with bugfixes, or you are a business, why do you expect a volunteer project to do so without your contribution?). I think since January that means Windows 10 only. Not sure if that makes it easier. |
Realistically, I think it'd be more important to fix the calls to the shell function such that we set And given that Windows 10 is the only operating system I've got easy access to, it does make testing easier to only worry about Windows 10 for now, though if it works on Windows 10, chances are good it'll work for 8 as well. I'll write up an issue though to track the two avenues of discussion: 1. check windows support and remove the stuff above subprocess if no longer needed, 2. fix a2x to not require |
Ok. Given that Asciidoc itself spawns filters and other stuff, I'm not sure the shell injection insecurities are such a big problem, but one solution (possibly to both quoting and needing shell) might be to pass |
I've opened #24 for the discussion about shell=True (with a proof of concept of an attack vector that exists within asciidoc because of it). To continue the windows discussion, and tested some stuff on my Windows 10 machine. I used the following file for the test:
The computer had 3.5 installed from a year and half ago, and typing just However, I think all of this is probably outside of the stuff to be done in this PR and this discussion should probably be moved to a relevant issue? |
This was a bug I encountered when running the make process (and it was compiling a2x man page). subprocess.Popen returns binary strings in Python3. We need to either manually decode them or use universal_newlines to get them into unicode strings.
Once Python 3.4 is dropped, it'd probably make sense to replace this call with using
subprocess.run
.