Path: csiph.com!v102.xanadu-bbs.net!xanadu-bbs.net!news.glorb.com!news2.euro.net!newsgate.cistron.nl!newsgate.news.xs4all.nl!post.news.xs4all.nl!not-for-mail Return-Path: X-Original-To: python-list@python.org Delivered-To: python-list@mail.python.org X-Spam-Status: OK 0.013 X-Spam-Evidence: '*H*': 0.97; '*S*': 0.00; "'python": 0.07; 'ugly': 0.07; "%s'": 0.09; '-rf': 0.09; 'subject:error': 0.11; 'subject:python': 0.11; 'charset:iso-8859-7': 0.15; "'';": 0.16; 'f.read()': 0.16; 'subject:when': 0.16; 'temp': 0.16; 'wrote:': 0.17; 'thu,': 0.17; 'causing': 0.20; 'http': 0.22; 'this:': 0.23; 'header:In-Reply-To:1': 0.25; 'message-id:@mail.gmail.com': 0.27; 'fixed': 0.28; "skip:' 10": 0.30; 'code': 0.31; 'problem.': 0.32; 'could': 0.32; 'to:addr:python-list': 0.33; 'received:google.com': 0.34; 'so,': 0.35; 'pm,': 0.35; 'something': 0.35; 'being': 0.37; 'subject:: ': 0.38; 'some': 0.38; 'to:addr:python.org': 0.39; 'think': 0.40; 'more': 0.63; '2013': 0.84; 'text/html;': 0.84; 'to:name:python': 0.84; '\xcc\xe1\xf1\xf4\xdf\xef\xf5': 0.84; 'joel': 0.91 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=x-received:mime-version:in-reply-to:references:from:date:message-id :subject:to:content-type:content-transfer-encoding; bh=EBBYdo+by2wZrMNkqp6mUL1d67VIfblKHJ0fhGxBoR4=; b=rC6m1WshuXcZoInJFFwWvSwKQ2a0q+Svo/FHiSfi7hhK21jyscoQsQg6Vmcp3iBkLL 84wVQCS6O5y3smSHIRYYgYqN5yWCwVW4hwzMII4cYp2+a65cu+rdx/cjHmG8NrX02jE+ D67V6J3XqWPY7YGXP6zltXl05+haRyPs9FbOSH0QDwoogte17ARRkbmUIPHjgrmXkmYf bFqVu35le4/ejvig4+pJu7VIDPcq+hiz3Mclsw1tHO9mODlZftSB1cjDKaupLkEtgceQ jMjpdDMXE5qzLqxRXqbtDXTHkm8mFU5XPQOQCymaRBg0lk3QOsm8xxVCa3HWhR/AZmkt hZOQ== X-Received: by 10.220.219.9 with SMTP id hs9mr13429215vcb.68.1362687352840; Thu, 07 Mar 2013 12:15:52 -0800 (PST) MIME-Version: 1.0 In-Reply-To: <0074be2d-1f52-4626-bf53-fd9591f16bf7@googlegroups.com> References: <8e17232e-5b24-4040-9215-c4bd89f34fa2@googlegroups.com> <622d4a2d-0014-4254-b211-c8fd66510f74@googlegroups.com> <33f153b4-4f54-429a-a92d-387b679bf758@googlegroups.com> <20130307105137.a6cae268f7f074fbf5017b1d@lavabit.com> <0074be2d-1f52-4626-bf53-fd9591f16bf7@googlegroups.com> From: Ian Kelly Date: Thu, 7 Mar 2013 13:15:11 -0700 Subject: Re: An error when i switched from python v2.6.6 => v3.2.3 To: Python Content-Type: text/plain; charset=ISO-8859-7 Content-Transfer-Encoding: quoted-printable X-BeenThere: python-list@python.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: General discussion list for the Python programming language List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Newsgroups: comp.lang.python Message-ID: Lines: 21 NNTP-Posting-Host: 2001:888:2000:d::a6 X-Trace: 1362687355 news.xs4all.nl 6924 [2001:888:2000:d::a6]:35684 X-Complaints-To: abuse@xs4all.nl Xref: csiph.com comp.lang.python:40817 On Thu, Mar 7, 2013 at 1:04 PM, =CD=DF=EA=EF=F2 =C3=EA=F133=EA wrote: > =D4=E7 =D0=DD=EC=F0=F4=E7, 7 =CC=E1=F1=F4=DF=EF=F5 2013 9:36:33 =EC.=EC. = UTC+2, =EF =F7=F1=DE=F3=F4=E7=F2 Joel Goldstick =DD=E3=F1=E1=F8=E5: > >> So, I see you fixed the problem. How? > > Apart from appearing ugly its not causing any more trouble(other than som= e issues that i have fixed), so i will just d: > > os.system( 'python %s > %s' % (htmlpage, temp) ) > f =3D open( temp ) > htmldata =3D f.read() > htmldata =3D htmldata.replace( 'Content-type: text/html; charset= =3Dutf-8', '' ) If htmlpage is being pulled from the HTTP request as I think it is, then you have a code injection vulnerability here. Think what could happen if htmlpage were something like this: -c ''; rm -rf /; oops.py