[poppler] pdftohtml lets you run random shell commands
Fabio D'Urso
fabiodurso at hotmail.it
Sat Apr 21 03:57:09 PDT 2012
On Thursday, April 19, 2012 09:44:41 PM Ihar `Philips` Filipau wrote:
> On 4/19/12, Ihar `Philips` Filipau <thephilips at gmail.com> wrote:
> > Here is a patch which extends shell escape to cover: device name,
> > output file name, ps file name. Win32 part was /tested/ on *nix with
> > my eyes. And as it turned out (live and learn) cmd.exe has a command
> > separator - &, accidentally a valid file name character - and it too
> > has to be escaped. Guess what's escape character? 3... 2... 1... Wrong
> > - it's '^', which itself has to be escaped too.
> >
> > Have fun.
The Unix part seems to be ok, I still have a doubt about the win32 part:
pdftohtml -c -dev """ | rundll32 test.dll | echo """ file.pdf
But I don't have a machine to test it at hand.
PS: I'm not sure I've written it correctly. I meant the following C-style
string: "\" | rundll32 test.dll | echo \""
It results in something like:
gs -sDEVICE="" | rundll32 test.dll | echo "" -dBATCH -dNOPROMPT -dNOPAUSE
-r108 -sOutputFile="file%03d.png" -g1263x892 -q "file.ps"
Can someone please test it on win32?
Fabio
More information about the poppler
mailing list