innov
/
django1
1
0
Fork 0
Code Issues Pull Requests 1 Projects Releases Wiki Activity

0.90-fixes: Fixed minor security hole in compile-messages.py. See trunk patch in [3592] 

git-svn-id: http://code.djangoproject.com/svn/django/branches/0.90-bugfixes@3594 bcc190cf-cafb-0310-a4f2-bffc1f526a37
This commit is contained in:
James Bennett 2006-08-16 06:29:22 +00:00
parent 021e0c6b88
commit 6eefa521be
1 changed files with 8 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
django/bin/compile-messages.py
View File

@ -19,6 +19,13 @@ for (dirpath, dirnames, filenames) in os.walk(basedir):
if file.endswith('.po'): if file.endswith('.po'):
sys.stderr.write('processing file %s in %s\n' % (file, dirpath)) sys.stderr.write('processing file %s in %s\n' % (file, dirpath))
pf = os.path.splitext(os.path.join(dirpath, file))[0] pf = os.path.splitext(os.path.join(dirpath, file))[0]
cmd = 'msgfmt -o %s.mo %s.po' % (pf, pf) # Store the names of the .mo and .po files in an environment
# variable, rather than doing a string replacement into the
# command, so that we can take advantage of shell quoting, to
# quote any malicious characters/escaping.
# See http://cyberelk.net/tim/articles/cmdline/ar01s02.html
os.environ['djangocompilemo'] = pf + '.mo'
os.environ['djangocompilepo'] = pf + '.po'
cmd = 'msgfmt -o "$djangocompilemo" "$djangocompilepo"'
os.system(cmd) os.system(cmd)