escape string for command line

  • Thread starter Ksenia Marasanova
  • Start date
K

Ksenia Marasanova

Hi,

I have a simple ecard creation script on a website, where user can add
text to a graphic. I use ImageMagick for it:

# template_file => path to image template file
# new_file => path to generated file
# text => user input
command = '''convert %s -font OfficinaSanITC-BookOS -pointsize 12
-fill "#8C2F48" -draw "gravity north text 0,26 '%s'" %s''' % (
template_file, text, new_file)
system(command)

I was wondering, is there a general way to escape the string entered
by the user, to prevent code injection into command line? Will it
always be safe, even when binary data is submitted through POST?
Or maybe some stable Python interface for ImageMagick that takes care of it :)

Thanks in advance,
 
M

Marc 'BlackJack' Rintsch

I have a simple ecard creation script on a website, where user can add
text to a graphic. I use ImageMagick for it:

# template_file => path to image template file
# new_file => path to generated file
# text => user input
command = '''convert %s -font OfficinaSanITC-BookOS -pointsize 12
-fill "#8C2F48" -draw "gravity north text 0,26 '%s'" %s''' % (
template_file, text, new_file)
system(command)

I was wondering, is there a general way to escape the string entered
by the user, to prevent code injection into command line?

Take a look at the "string-escape" encoding:
echo '\'; rm -rf /;'
Will it
always be safe, even when binary data is submitted through POST?

Don't know if it's always safe. Unprintable bytes like 0x00 will be
escaped as '\x00'.

Ciao,
Marc 'BlackJack' Rintsch
 
K

Ksenia Marasanova

Take a look at the "string-escape" encoding:

echo '\'; rm -rf /;'

Cool, thanks! Next time I'll study stdlib better before asking the question :)
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

Forum statistics

Threads
473,995
Messages
2,570,236
Members
46,822
Latest member
israfaceZa

Latest Threads

Top