Defend against RCE and XSS; modernize.
RCE was theoretically possible depending on how strict cgi.parse_header() reads Content-Type. If it ever returned shell metacharacters, those would be passed directly to the shell. This patch switches the code from popen2 to subprocess, since the latter is deprecated, and we get lots of warnings about that in our Apache error logs.
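The risk described in the commit message, as an added illustration that is not code from this repository: a Content-Type charset parameter interpolated into a single shell command string versus the same value passed as one argv element through subprocess. The command name `iconv`, the header value and the allowlist check are assumptions for the example; the page does not show the original command.

```python
import codecs
import shlex
import subprocess
import sys
from email.message import Message

# Constructed sample: a charset parameter carrying a shell metacharacter and a trailing command.
HOSTILE_CONTENT_TYPE = 'text/html; charset="utf-8; echo injected"'


def parse_content_type(header):
    # Split a Content-Type value into (main type, params) as cgi.parse_header did;
    # email.message.Message is used because the cgi module is gone in Python 3.13.
    msg = Message()
    msg["Content-Type"] = header
    return msg.get_content_type(), dict(msg.get_params()[1:])


def shell_command_as_built_before(charset):
    # Pre-patch pattern (illustrative only, never executed here): one interpolated shell string.
    # Handed to popen2 or any shell=True call, the ';' terminates iconv and runs what follows.
    return "iconv -f %s -t utf-8" % charset  # 'iconv' is an assumed stand-in for the real tool


def echo_argv_via_list(value):
    # Post-patch pattern: list-form subprocess with no shell, so the value is one opaque argv item.
    # A Python child printing sys.argv[1] stands in for the real tool so this runs anywhere.
    proc = subprocess.run(
        [sys.executable, "-c", "import sys; print(sys.argv[1])", value],
        capture_output=True, text=True, check=True,
    )
    return proc.stdout.rstrip("\n")


def quoted_for_shell(charset):
    # If a shell genuinely cannot be avoided, shlex.quote makes the value a single literal word.
    return "iconv -f %s -t utf-8" % shlex.quote(charset)


def charset_is_known(charset):
    # Defense in depth: accept only charset names the codecs registry recognises.
    try:
        codecs.lookup(charset)
        return True
    except LookupError:
        return False


if __name__ == "__main__":
    _, params = parse_content_type(HOSTILE_CONTENT_TYPE)
    print("shell string:", shell_command_as_built_before(params["charset"]))
    print("argv element:", echo_argv_via_list(params["charset"]))
    print("allowlisted:", charset_is_known(params["charset"]))
```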
brett committed Jan 31, 2014 (1 parent: 971e2a9; commit d6c21fd)
Showing 1 changed file with 93 additions and 109 deletions.