[poppler] pdftohtml lets you run random shell commands
Ihar `Philips` Filipau
thephilips at gmail.com
Thu Apr 19 12:44:41 PDT 2012
On 4/19/12, Ihar `Philips` Filipau <thephilips at gmail.com> wrote:
> Here is a patch which extends shell escape to cover: device name,
> output file name, ps file name. Win32 part was /tested/ on *nix with
> my eyes. And as it turned out (live and learn) cmd.exe has a command
> separator - &, accidentally a valid file name character - and it too
> has to be escaped. Guess what's escape character? 3... 2... 1... Wrong
> - it's '^', which itself has to be escaped too.
> Have fun.
Oops. And now patch for real.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 4029 bytes
Desc: not available
More information about the poppler