Use subprocess.run instead of os.system to hopefully fix arbitrary code execution bugs for real this time
This commit is contained in:
parent
f91da4f99d
commit
802a92c6e5
1 changed files with 2 additions and 2 deletions
4
register
4
register
|
@ -1,6 +1,7 @@
|
|||
#!/usr/bin/python
|
||||
|
||||
import os
|
||||
from subprocess import run
|
||||
from json import loads
|
||||
from http.server import BaseHTTPRequestHandler, HTTPServer
|
||||
|
||||
|
@ -23,8 +24,7 @@ class Server(BaseHTTPRequestHandler):
|
|||
print('Cannot contain double quotes')
|
||||
return
|
||||
|
||||
os.system('adduser "' + data['username'] + '" "' + data['firstname'].capitalize() + '" "' +
|
||||
data['lastname'].capitalize() + '" "' + data['email'] + '" "' + data['password'] + '" "' + ldap_pass + '"')
|
||||
run(['adduser', data['username'], data['firstname'].capitalize(), data['lastname'].capitalize(), data['email'], data['password'], ldap_pass)
|
||||
|
||||
self.send_response(200)
|
||||
self.send_header('Content-type', 'text/html')
|
||||
|
|
Loading…
Reference in a new issue