Properly quote the %(body)s and %(from)s used in the simple_notify plugin.
This commit is contained in:
Florent Le Coz
parent
73b8addafe
commit
d47c31a587
3 changed files with 13 additions and 11 deletions
|
|
@ -20,9 +20,9 @@ command = notify-send -i /path/to/poezio/data/poezio_80.png "New message from %(
|
|||
[source,conf]
|
||||
---------------------------------------------------------------------
|
||||
[simple_notify]
|
||||
command = echo %{from}s\> %{body}s >> some.fifo
|
||||
command = echo \\<%{from}s\\> %{body}s >> some.fifo
|
||||
delay = 3
|
||||
after_command echo = >> some.fifo
|
||||
after_command = echo >> some.fifo
|
||||
---------------------------------------------------------------------
|
||||
|
||||
You can put any command, instead of these ones. You can also use the
|
||||
|
|
|
|||
|
|
@ -1,6 +1,7 @@
|
|||
from plugin import BasePlugin
|
||||
from xhtml import clean_text, get_body_from_message_stanza
|
||||
from timed_events import DelayedEvent
|
||||
import pipes
|
||||
|
||||
class Plugin(BasePlugin):
|
||||
def init(self):
|
||||
|
|
@ -28,9 +29,10 @@ class Plugin(BasePlugin):
|
|||
if not command:
|
||||
self.core.information('No notification command was provided in the configuration file', 'Warning')
|
||||
return
|
||||
self.core.exec_command(command % {'body':body, 'from':fro})
|
||||
self.core.exec_command(command % {'body':pipes.quote(body), 'from':pipes.quote(fro)})
|
||||
after_command = self.config.get('after_command', '').strip()
|
||||
if not after_command:
|
||||
return
|
||||
delayed_event = DelayedEvent(self.config.get('delay', 1), self.core.exec_command, after_command % {'body':body, 'from':fro})
|
||||
delayed_event = DelayedEvent(self.config.get('delay', 1), self.core.exec_command, after_command % {'body':pipes.quote(body), 'from':pipes.quote(fro)})
|
||||
self.core.add_timed_event(delayed_event)
|
||||
4
|
||||
|
|
|
|||
|
|
@ -29,19 +29,19 @@ log = logging.getLogger(__name__)
|
|||
|
||||
class Executor(threading.Thread):
|
||||
"""
|
||||
Just a class to execute commands in a thread.
|
||||
This way, the execution can totally fail, we don’t care,
|
||||
and we can start commands without having to wait for them
|
||||
to return
|
||||
Just a class to execute commands in a thread. This way, the execution
|
||||
can totally fail, we don’t care, and we can start commands without
|
||||
having to wait for them to return.
|
||||
WARNING: Be careful to properly escape what is untrusted by using
|
||||
pipes.quote (or shlex.quote with python 3.3) for example.
|
||||
"""
|
||||
def __init__(self, command):
|
||||
threading.Thread.__init__(self)
|
||||
self.command = command
|
||||
|
||||
def run(self):
|
||||
log.info('executing %s' % (self.command.strip(),))
|
||||
command = shlex.split('sh -c "%s"' % self.command)
|
||||
subprocess.call(command)
|
||||
log.info('executing %s' % (self.command,))
|
||||
subprocess.call(['sh', '-c', self.command])
|
||||
|
||||
def main():
|
||||
while True:
|
||||
|
|
|
|||
Loading…
Reference in a new issue