Skip to content

Commit

Permalink
Browse files Browse the repository at this point in the history
shell=False is dangerous
Signed-off-by: Chris Warrick <kwpolska@gmail.com>
  • Loading branch information
Kwpolska committed Jun 11, 2015
1 parent 3ff2344 commit f1e95ef
Showing 1 changed file with 4 additions and 5 deletions.
9 changes: 4 additions & 5 deletions nikola/plugins/command/auto/__init__.py
Expand Up @@ -124,14 +124,13 @@ def _execute(self, options, args):
elif pyinotify is None:
req_missing(['pyinotify'], 'use the "auto" command')

arguments = ['build']
self.cmd_arguments = ['build']
if self.site.configuration_filename != 'conf.py':
arguments = ['--conf=' + self.site.configuration_filename] + arguments
self.cmd_arguments = ['--conf=' + self.site.configuration_filename] + self.cmd_arguments

self.command_line = 'nikola ' + ' '.join(arguments)

# Run an initial build so we are up-to-date
subprocess.call(["nikola"] + arguments)
subprocess.call(["nikola"] + self.cmd_arguments)

port = options and options.get('port')
self.snippet = '''<script>document.write('<script src="http://'
Expand Down Expand Up @@ -214,7 +213,7 @@ def __call__(self, environ, start_response):
exit(130)

def do_rebuild(self, event):
p = subprocess.Popen(self.command_line, shell=True, stderr=subprocess.PIPE)
p = subprocess.Popen(self.cmd_arguments, stderr=subprocess.PIPE)
if p.wait() != 0:
error = p.stderr.read()
self.logger.error(error)
Expand Down

0 comments on commit f1e95ef

Please sign in to comment.