Message 247946 - Python tracker

Message247946

Author	TheRegRunner
Recipients	TheRegRunner, r.david.murray
Date	2015-08-03.19:27:35
SpamBayes Score	-1.0
Marked as misclassified	Yes
Message-id	<1438630055.26.0.630995114057.issue24778@psf.upfronthosting.co.za>
In-reply-to

Content
@David Thanks for the comment :-) I think if you read the Documentation https://docs.python.org/2/library/mailcap.html this may lead new programmers, wich may never heard of Shell Injections before, step by step directly to write insecure webbbrowsers and/or mail readers. At least there should be a warning in the docs ! You ask why run-mailcap do not use quotig, i believe because quoting is not an easy thing to do, i attached a demo ;-) Thank you.

Content

@David
Thanks for the comment :-)

I think if you read the Documentation 
https://docs.python.org/2/library/mailcap.html
this may lead new programmers, wich may never heard of Shell Injections before, step by step directly to write insecure webbbrowsers and/or mail readers. At least there should be a warning in the docs !
   
You ask why run-mailcap do not use quotig, i believe because quoting is not an easy thing to do, i attached a demo ;-)

Thank you.

History
Date	User	Action	Args
2015-08-03 19:27:35	TheRegRunner	set	recipients: + TheRegRunner, r.david.murray
2015-08-03 19:27:35	TheRegRunner	set	messageid: <1438630055.26.0.630995114057.issue24778@psf.upfronthosting.co.za>
2015-08-03 19:27:35	TheRegRunner	link	issue24778 messages
2015-08-03 19:27:35	TheRegRunner	create