From: Thomas L. <ta...@gm...> - 2007-04-01 17:23:14

On 1/13/07, Lennon Cook <mag...@gm...> wrote:
> This patch might work better. I managed to accidentally change some
> parts of the cached rox-lib2 at some point; this diff is against a clean
> version.

Comments:

"<tag>%s</tag>" % value isn't a safe way to create XML. Think about values containing '<' or '&' characters, for example.

popen(" ".join(command), 'w') isn't a safe way to run a command. Think about commands containing arguments with spaces, quotes, etc (popen2 and similar let you pass the command in directly).

--
Dr Thomas Leonard http://rox.sourceforge.net
GPG: 9242 9807 C985 3C07 44A6 8B9A AE07 8280 59A5 3CC1
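The two constructs flagged above, each beside a safe counterpart, as an added Python example (not code from the rox-lib2 patch or from anyone in the thread); the function names and the sample values are my own. It shows what a parser makes of an unescaped value and what a shell makes of a joined argument list, then runs the argv-list form that keeps each argument intact.

```python
import shlex
import subprocess
import sys
import xml.etree.ElementTree as ET

def naive_xml(tag, value):
    # The pattern criticised in the mail: the value is pasted into the markup
    # unchanged, so '<' or '&' inside it is read as markup rather than data.
    return "<%s>%s</%s>" % (tag, value, tag)

def safe_xml(tag, value):
    # Build the element with ElementTree; the text is escaped on serialisation.
    elem = ET.Element(tag)
    elem.text = value
    return ET.tostring(elem, encoding="unicode")

def text_survives(xml_text, expected):
    """True if the fragment parses and its text content equals `expected`."""
    try:
        return ET.fromstring(xml_text).text == expected
    except ET.ParseError:
        return False

def shell_would_see(command):
    # " ".join(command) drops the argument boundaries; this shows how a shell
    # re-tokenises the joined string (None when a quote makes it unparseable).
    try:
        return shlex.split(" ".join(command))
    except ValueError:
        return None

# Constructed child script: reports how many arguments it got and echoes stdin.
_COUNT_ARGS = "import sys; print(len(sys.argv) - 1, sys.stdin.read().strip())"

def count_args_via_subprocess(args, stdin_text):
    # Safe counterpart: the argv list goes straight to the child (as popen2
    # allows), so each element stays one argument whatever it contains.
    command = [sys.executable, "-c", _COUNT_ARGS] + list(args)
    proc = subprocess.run(command, input=stdin_text, capture_output=True,
                          text=True, check=True)
    return proc.stdout.strip()

if __name__ == "__main__":
    for value in ("a & b", "<b>x"):
        print(repr(naive_xml("name", value)), text_survives(naive_xml("name", value), value))
        print(repr(safe_xml("name", value)), text_survives(safe_xml("name", value), value))
    print(shell_would_see(["cat", "my file.txt"]), shell_would_see(["echo", "it's"]))
    print(count_args_via_subprocess(["my file.txt", "it's"], "hello\n"))
```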