[poppler] pdftohtml lets you run random shell commands

Fabio D'Urso fabiodurso at hotmail.it
Sat Apr 21 03:57:09 PDT 2012

On Thursday, April 19, 2012 09:44:41 PM Ihar `Philips` Filipau wrote:
> On 4/19/12, Ihar `Philips` Filipau <thephilips at gmail.com> wrote:
> > Here is a patch which extends shell escape to cover: device name,
> > output file name, ps file name. Win32 part was /tested/ on *nix with
> > my eyes. And as it turned out (live and learn) cmd.exe has a command
> > separator - &, accidentally a valid file name character - and it too
> > has to be escaped. Guess what's escape character? 3... 2... 1... Wrong
> > - it's '^', which itself has to be escaped too.
> > 
> > Have fun.

The Unix part seems to be ok, I still have a doubt about the win32 part:
 pdftohtml -c -dev """ | rundll32 test.dll | echo """ file.pdf
But I don't have a machine to test it at hand.

PS: I'm not sure I've written it correctly. I meant the following C-style
 string: "\" | rundll32 test.dll | echo \""

It results in something like:
 gs -sDEVICE="" | rundll32 test.dll | echo "" -dBATCH -dNOPROMPT -dNOPAUSE
 -r108 -sOutputFile="file%03d.png" -g1263x892 -q "file.ps"

Can someone please test it on win32?


More information about the poppler mailing list