Use subprocess.run instead of os.system to hopefully fix arbitrary code execution bugs for real this time

Anthony Wang 2021-12-06 17:52:45 -06:00
parent f91da4f99d
commit 802a92c6e5
Signed by: a
GPG key ID: BC96B00AEC5F2D76


@ -1,6 +1,7 @@
#!/usr/bin/python
import os
from subprocess import run
from json import loads
from http.server import BaseHTTPRequestHandler, HTTPServer
@ -23,8 +24,7 @@ class Server(BaseHTTPRequestHandler):
print('Cannot contain double quotes')
return
os.system('adduser "' + data['username'] + '" "' + data['firstname'].capitalize() + '" "' +
data['lastname'].capitalize() + '" "' + data['email'] + '" "' + data['password'] + '" "' + ldap_pass + '"')
run(['adduser', data['username'], data['firstname'].capitalize(), data['lastname'].capitalize(), data['email'], data['password'], ldap_pass)
self.send_response(200)
self.send_header('Content-type', 'text/html')
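Review bot: Each request field still reaches `adduser` as its own argument on the new `run([...])` line, so a value that begins with `-` may be parsed as an option rather than as data even though the shell is no longer involved. Checking the fields against an allowlist before the call would close that, for example rejecting any `data[...]` value that starts with `-` or contains characters outside the set the account system accepts. `data['password']` and `ldap_pass` are also passed on the command line, where other local users can read them from the process list while the command runs; feeding them through `input=` on stdin would avoid that if `adduser` can read them there. The exit status is ignored, so the handler goes on to `send_response(200)` even when the command fails; `run([...], check=True)` or a test of `.returncode` would let it report the failure. The handler body starts and ends outside the hunk, and the double-quote check just above the call looks like a leftover from the shell-string version.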