Closed vurral closed 6 years ago
rnhmjoj
commented
6 years ago It's intentionally like this:shell=Trueallows remote code execution.
It could be enabled if we were to properly escape the URI before executing the command.
See https://github.com/vikstrous/pirate-get/issues/99
vurral
commented
6 years ago Yeah, i guessed so.
I was getting „OSError: [Errno 36] File name too long“ for everything I tried. Can you give a working example without ‘shell=True‘? Would very much appreciate it.
On 17. Apr 2018, at 19:03, Michele Guerini Rocco notifications@github.com wrote:
It's intentionally like this:shell=Trueallows remote code execution. It could be enabled if we were to properly escape the URI before executing the command. See #99
— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub, or mute the thread.
rnhmjoj
commented
6 years ago What does your command look like?
vikstrous
commented
6 years ago I think it's clear why we can't merge this. Closing.
I wasn't able to get the open_command working when I wanted to pass a magnet URL to the open_command. With
shell=Truepython opens a new shell for the executable and it works as expected.