[poppler] pdftohtml lets you run random shell commands

Ihar `Philips` Filipau thephilips at gmail.com
Thu Apr 19 12:44:41 PDT 2012

On 4/19/12, Ihar `Philips` Filipau <thephilips at gmail.com> wrote:
> Here is a patch which extends shell escape to cover: device name,
> output file name, ps file name. Win32 part was /tested/ on *nix with
> my eyes. And as it turned out (live and learn) cmd.exe has a command
> separator - &, accidentally a valid file name character - and it too
> has to be escaped. Guess what's escape character? 3... 2... 1... Wrong
> - it's '^', which itself has to be escaped too.
> Have fun.

Oops. And now patch for real.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: pdftohtml-shell-escape-gs-dev-004.diff
Type: application/octet-stream
Size: 4029 bytes
Desc: not available
URL: <http://lists.freedesktop.org/archives/poppler/attachments/20120419/f82895ff/attachment.obj>

More information about the poppler mailing list