From 836d2c942be8c22f0946006554f5233b5a2a201a Mon Sep 17 00:00:00 2001 From: Filipp Lepalaan Date: Thu, 22 Sep 2016 12:57:48 +0300 Subject: Added input sanitation --- functions.py | 7 +++++-- printers.py | 2 +- tests.py | 2 +- 3 files changed, 7 insertions(+), 4 deletions(-) diff --git a/functions.py b/functions.py index 6b76dc4..0d59e78 100644 --- a/functions.py +++ b/functions.py @@ -13,6 +13,9 @@ SERVICEDIR = '/Library/Services' def display_notification(msg, title='', subtitle=''): + msg = msg.replace('"', '\\"') + title = title.replace('"', '\\"') + subtitle = subtitle.replace('"', '\\"') osascript('display notification "{0}" with title "{1}" subtitle "{2}"'.format(msg, title, subtitle)) @@ -33,7 +36,7 @@ def exec_jar(path, user): if not os.path.exists(javapath): raise ValueError('Looks like your machine does not have Java installed') - subprocess.call(['launchctl', 'asuser', user, javapath, '-jar', path, '-silent']) + subprocess.call(['/bin/launchctl', 'asuser', user, javapath, '-jar', path, '-silent']) def osascript(s): @@ -181,7 +184,7 @@ def umount(path): """ Unmounts path """ - subprocess.call(['umount', path]) + subprocess.call(['/sbin/umount', path]) def enable_ard(username): diff --git a/printers.py b/printers.py index 60afd2e..d3c7539 100644 --- a/printers.py +++ b/printers.py @@ -10,7 +10,7 @@ def delete_printers(): def add_printer(printer, options={}): """ - Adds a printer + Add a printer A printer is a tuple (name, PPD path, LPD address) """ cmd = ['/usr/sbin/lpadmin', '-x', printer[1]] diff --git a/tests.py b/tests.py index 493fc0f..6e9b28e 100755 --- a/tests.py +++ b/tests.py @@ -60,7 +60,7 @@ class FunctionsTestCase(TestCase): self.stickes = '/Applications/Stickies.app' def test_notification(self): - mh.display_notification('blaaa') + mh.display_notification('blaaa "lalala"') def test_add_login_item(self): mh.add_login_item(self.stickes) -- cgit v1.2.3