[poppler] pdftohtml lets you run random shell commands
fabiodurso at hotmail.it
Mon Apr 23 13:10:27 PDT 2012
On Monday, April 23, 2012 07:10:05 PM Albert Astals Cid wrote:
> El Dilluns, 23 d'abril de 2012, a les 12:35:46, William Bader va escriure:
> > Would it be safer to call one of the exec() functions instead of
> > system()?
> Of course it is, it is what my patch does. Actually, as in my initial mail, I
> don't think quoting is a valid fix, so I'm voting for exec()+whatever
> Windows has in turn of exec or direct removal.
On Windows, the command line is just a string. Therefore, arguments must still
be escaped. And escaping rules for CreateProcess are different than escaping
rules for the cmd shell...
I'm attaching a patch (to be applied on top of Albert's initial one) that
implements the executeCommand on win32.
Parsing C Command-Line Arguments
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 2062 bytes
Desc: not available
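The CreateProcess-side escaping discussed in the message above, as an added example; it is not the scrubbed attachment and not poppler code. It follows the MSVC runtime rules described in "Parsing C Command-Line Arguments"; the function names and the sample arguments in the comments are hypothetical, and the result is meant for CreateProcess directly, never for cmd.exe.

```cpp
#include <string>
#include <vector>

// Quote one argument so the MSVC runtime's argv parser in the child process
// returns it unchanged. Hypothetical helper, not poppler's executeCommand.
std::string quoteWin32Arg(const std::string &arg)
{
    // Non-empty and free of whitespace and double quotes: pass through as-is.
    // Characters such as & | ^ are only special to cmd.exe, not to CreateProcess.
    if (!arg.empty() && arg.find_first_of(" \t\n\v\"") == std::string::npos)
        return arg;

    std::string out = "\"";
    size_t backslashes = 0;
    for (char c : arg) {
        if (c == '\\') {
            ++backslashes; // deferred: meaning depends on what follows
        } else if (c == '"') {
            // 2n+1 backslashes + quote parse back to n backslashes + literal quote
            out.append(backslashes * 2 + 1, '\\');
            out += '"';
            backslashes = 0;
        } else {
            // Backslashes not followed by a quote are taken literally
            out.append(backslashes, '\\');
            out += c;
            backslashes = 0;
        }
    }
    // Trailing backslashes sit before the closing quote, so double them
    out.append(backslashes * 2, '\\');
    out += '"';
    return out;
}

// Join already-separated arguments into the single string CreateProcess takes.
std::string buildWin32CommandLine(const std::vector<std::string> &argv)
{
    std::string line;
    for (size_t i = 0; i < argv.size(); ++i) {
        if (i)
            line += ' ';
        line += quoteWin32Arg(argv[i]);
    }
    return line;
}
```

The program name (the first token) is parsed by the runtime with simpler rules than the remaining arguments, so pass the executable path through lpApplicationName where possible.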