[X2Go-Commits] python-x2go.git - twofactorauth (branch) updated: 0.1.1.4-7-g07dc777
X2Go dev team
git-admin at x2go.org
Sat Sep 14 15:56:59 CEST 2013
The branch, twofactorauth has been updated
via 07dc7771aad40611427ad7953a89be9ac52b789e (commit)
from 3c50a9d2584b10c573fd3762ceb527b03f8df20a (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
-----------------------------------------------------------------------
Summary of changes:
x2go/backends/terminal/_stdout.py | 19 ++++++++++++++++---
1 file changed, 16 insertions(+), 3 deletions(-)
The diff of changes is:
diff --git a/x2go/backends/terminal/_stdout.py b/x2go/backends/terminal/_stdout.py
index 79ecee3..19d842e 100644
--- a/x2go/backends/terminal/_stdout.py
+++ b/x2go/backends/terminal/_stdout.py
@@ -698,7 +698,11 @@ class X2goTerminalSessionSTDOUT(object):
return True
elif 'XSHAD' in cmd:
return True
- elif cmd:
+ elif cmd and cmd.startswith('/'):
+ # check if full path is correct _and_ if application is in server path
+ test_cmd = 'test -x %s && which %s && echo OK' % (cmd, os.path.basename(cmd.split()[0]))
+ elif cmd and '/' not in cmd:
+ # check if application is in server path only
test_cmd = 'which %s && echo OK' % os.path.basename(cmd.split()[0])
if test_cmd:
@@ -743,14 +747,19 @@ class X2goTerminalSessionSTDOUT(object):
# do not run command when in DESKTOP SHARING mode...
return None
+
self.params.update({'cmd': cmd})
+ # do not allow the execution of full path names
+ if '/' in cmd:
+ cmd = os.path.basename(cmd)
+
cmd_line = [ "setsid x2goruncommand",
str(self.session_info.display),
str(self.session_info.agent_pid),
str(self.session_info.name),
str(self.session_info.snd_port),
- _rewrite_blanks(_rewrite_cmd(self.params.cmd, params=self.params)),
+ _rewrite_blanks(_rewrite_cmd(cmd, params=self.params)),
str(self.params.snd_system),
str(self.params.session_type),
">& /dev/null & exit",
@@ -827,6 +836,10 @@ class X2goTerminalSessionSTDOUT(object):
if self.params.kblayout or self.params.kbtype:
setkbd = "1"
+ cmd = self.params.cmd
+ if '/' in cmd:
+ cmd = os.path.basename(cmd)
+
cmd_line = [ "x2gostartagent",
str(self.params.geometry),
str(self.params.link),
@@ -836,7 +849,7 @@ class X2goTerminalSessionSTDOUT(object):
str(self.params.kbtype),
str(setkbd),
str(self.params.session_type),
- self.params.cmd,
+ cmd,
]
if self.params.cmd == 'XDMCP' and self.params.xdmcp_server:
hooks/post-receive
--
python-x2go.git (Python X2Go Client API)
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "python-x2go.git" (Python X2Go Client API).
More information about the x2go-commits
mailing list