Django

Code

Changeset 4360

Show
Ignore:
Timestamp:
01/19/07 20:02:07 (1 year ago)
Author:
ubernostrum
Message:

0.95-bugfixes: Apply security fix from [3592] and Windows compatibility for same from [3672]

Files:

Legend:

Unmodified
Added
Removed
Modified
Copied
Moved

  • django/branches/0.95-bugfixes/django/bin/compile-messages.py

    r3411 r4360  
    2020                sys.stderr.write('processing file %s in %s\n' % (f, dirpath)) 
    2121                pf = os.path.splitext(os.path.join(dirpath, f))[0] 
    22                 cmd = 'msgfmt -o "%s.mo" "%s.po"' % (pf, pf) 
     22                # Store the names of the .mo and .po files in an environment 
     23                # variable, rather than doing a string replacement into the 
     24                # command, so that we can take advantage of shell quoting, to 
     25                # quote any malicious characters/escaping. 
     26                # See http://cyberelk.net/tim/articles/cmdline/ar01s02.html 
     27                os.environ['djangocompilemo'] = pf + '.mo' 
     28                os.environ['djangocompilepo'] = pf + '.po' 
     29                if sys.platform == 'win32': # Different shell-variable syntax 
     30                    cmd = 'msgfmt -o "%djangocompilemo%" "%djangocompilepo%"' 
     31                else: 
     32                    cmd = 'msgfmt -o "$djangocompilemo" "$djangocompilepo"'  
    2333                os.system(cmd) 
    2434