moparisthebest
/
SickRage
mirror of https://github.com/moparisthebest/SickRage
1
0
Fork 0
Code Issues Releases Wiki Activity

prevent command injection 

to prevent command injection when using the ‘cp’ command to perform
copied use subprocess instead of os.system
This commit is contained in:
elijordan 2015-01-31 16:44:42 +11:00
parent a8787bc0d3
commit 1b3b10903b
1 changed files with 3 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
sickbeard/helpers.py
View File

@ -43,6 +43,8 @@ import requests
import requests.exceptions import requests.exceptions
import xmltodict import xmltodict
import subprocess
from sickbeard.exceptions import MultipleShowObjectsException, ex from sickbeard.exceptions import MultipleShowObjectsException, ex
from sickbeard import logger, classes from sickbeard import logger, classes
from sickbeard.common import USER_AGENT, mediaExtensions, subtitleExtensions from sickbeard.common import USER_AGENT, mediaExtensions, subtitleExtensions
@ -343,7 +345,7 @@ def listMediaFiles(path):
def copyFile(srcFile, destFile): def copyFile(srcFile, destFile):
if isPosix(): if isPosix():
os.system('cp "%s" "%s"' % (srcFile, destFile)) subprocess.call(['cp', srcFile, destFile])
else: else:
ek.ek(shutil.copyfile, srcFile, destFile) ek.ek(shutil.copyfile, srcFile, destFile)