[poppler] pdftohtml lets you run random shell commands
Ihar `Philips` Filipau
thephilips at gmail.com
Thu Apr 19 12:44:41 PDT 2012
On 4/19/12, Ihar `Philips` Filipau <thephilips at gmail.com> wrote:
>
> Here is a patch which extends shell escape to cover: device name,
> output file name, ps file name. Win32 part was /tested/ on *nix with
> my eyes. And as it turned out (live and learn) cmd.exe has a command
> separator - &, accidentally a valid file name character - and it too
> has to be escaped. Guess what's escape character? 3... 2... 1... Wrong
> - it's '^', which itself has to be escaped too.
>
> Have fun.
>
Oops. And now patch for real.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: pdftohtml-shell-escape-gs-dev-004.diff
Type: application/octet-stream
Size: 4029 bytes
Desc: not available
URL: <http://lists.freedesktop.org/archives/poppler/attachments/20120419/f82895ff/attachment.obj>
More information about the poppler
mailing list