From 118bbe0922ee8c61d3bf89c0c2ffd4c1fb905de9 Mon Sep 17 00:00:00 2001
From: Kristian Rumberg
Date: Fri, 8 Aug 2008 01:12:03 +0200
Subject: [PATCH] Variables should not contain & since that can execute arbitrary code on UNIX
---
 pyvconv.py | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/pyvconv.py b/pyvconv.py
index 92efbd9..c7a816e 100644
--- a/pyvconv.py
+++ b/pyvconv.py
@@ -14,6 +14,8 @@ class RenderCommand:
 self.optset_list = optset_list
 def set_var(self, var_str, val_str):
+ if val_str.find("&") != -1:
+ raise "Warning: Trying to execute arbitrary code"
 self.var_list[var_str] = val_str
 def _insert_known_vars(self, instr):
-- 
2.11.4.GIT
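Review bot: The check added to `set_var` rejects only `&`, which is not enough if these values are later substituted into a command string that a shell runs. The subject line implies that they are, though the execution site is outside this hunk. In that case `;`, `|`, backticks, `$(...)`, redirections and newlines are interpreted by the shell just the same, so a single-character denylist leaves the injection open. The durable fix belongs where the command is built: pass an argument list without a shell, or quote each value at substitution time (`pipes.quote(val_str)` on Python 2, `shlex.quote(val_str)` on Python 3). Separately, `raise "Warning: ..."` raises a string, which is deprecated in Python 2.5 and itself a `TypeError` from 2.6 on; use `raise ValueError("unsafe character in value for %s" % var_str)`, and note that `var_str` is not validated at all.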