search

itsjfx / steam-account-switcher

Steam Account Switcher written in Python with mobile support!
https://jfx.ac
5 stars 1 forks source link

complex password passed into os.system() might get escaped #4

Open AdrianLSY opened 5 years ago

AdrianLSY commented 5 years ago

Hey, just letting you know the password login paramaters might get escaped and cause an error during login eg: & ^ < >

you can have a look at the escape characters here: https://www.robvanderwoude.com/escapechars.php maybe implement some input sanitation

AdrianLSY commented 5 years ago

I've written a quick function which will most likely solve this problem

def prevent_escape(string):
    characters = {'^': '^', '&': '^', '<': '^', '>': '^', '|': '^', '"': '\\'}
    string = list(string)
    for i in range(len(string)):
        if string[i] in characters:
            string[i] = '{}{}'.format(characters[string[i]], string[i])
    return ''.join(string)
itsjfx commented 5 years ago

hey, I've been busy with other projects recently and I'm hoping to do a re-work of this sometime next month when im not so busy. I wrote this a while ago and there's a few small new things I'm planning on adding. thanks for this issue i'll make it sure its fixed on the next major update