]> git.phdru.name Git - mimedecode.git/commitdiff
projects / mimedecode.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: ec9ca52)
Feat: Replaced outdated and insecure `mktemp` with `NamedTemporaryFile`
authorOleg Broytman <phd@phdru.name>
Sun, 31 Mar 2019 21:25:00 +0000 (00:25 +0300)
committerOleg Broytman <phd@phdru.name>
Sun, 31 Mar 2019 21:33:38 +0000 (00:33 +0300)
ANNOUNCE patch | blob | history
ChangeLog patch | blob | history
mimedecode/mimedecode.py patch | blob | history

diff --git a/ANNOUNCE b/ANNOUNCE
index a2be0e5e5959396fb85445cfff714d7b04a1231b..5d7a2a0a4fd6fbaf439aa08bb7f17052a65a5236 100644 (file)
--- a/ANNOUNCE
+++ b/ANNOUNCE
@@ -30,6 +30,10 @@ everything else. This is how it could be done:
    mimedecode -t application/pdf -t application/postscript -t text/plain -b text/html -B 'image/*' -i '*/*'
 
 
+Version 3.0.1 (2019-??-??)
+
+   Replaced outdated and insecure `mktemp` with `NamedTemporaryFile`.
+
 Version 3.0.0 (2019-02-01)
 
    Python 3.7.
diff --git a/ChangeLog b/ChangeLog
index 22e746900ab77a79b4cb6780f536a517771fe276..f2aae0e9c7c87226f4f5c06ca006f4d04ce79dc1 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,7 @@
+Version 3.0.1 (2019-??-??)
+
+   Replaced outdated and insecure `mktemp` with `NamedTemporaryFile`.
+
 Version 3.0.0 (2019-02-01)
 
    Python 3.7.
diff --git a/mimedecode/mimedecode.py b/mimedecode/mimedecode.py
index 4ca2f25d2d061dba16294d67ab8018ea00be2b37..ead1ab38493c7e5119d8204a8731747cc534647c 100644 (file)
--- a/mimedecode/mimedecode.py
+++ b/mimedecode/mimedecode.py
@@ -227,29 +227,28 @@ def decode_body(msg, s):
         charset = msg.get_content_charset()
     else:
         charset = None
-    filename = tempfile.mktemp()
+    tmpfile = tempfile.NamedTemporaryFile()
     command = None
 
     entries = mailcap.lookup(caps, content_type, "view")
     for entry in entries:
         if 'copiousoutput' in entry:
             if 'test' in entry:
-                test = mailcap.subst(entry['test'], content_type, filename)
+                test = mailcap.subst(entry['test'], content_type, tmpfile.name)
                 if test and os.system(test) != 0:
                     continue
-            command = mailcap.subst(entry["view"], content_type, filename)
+            command = mailcap.subst(entry["view"], content_type, tmpfile.name)
             break
 
     if not command:
         return s
 
-    outfile = open(filename, 'wb')
     if charset and bytes is not str and isinstance(s, bytes):  # Python3
         s = s.decode(charset, "replace")
     if not isinstance(s, bytes):
         s = s.encode(g.default_encoding, "replace")
-    outfile.write(s)
-    outfile.close()
+    tmpfile.write(s)
+    tmpfile.flush()
 
     pipe = subprocess.Popen(command, shell=True, stdout=subprocess.PIPE)
     new_s = pipe.stdout.read()
@@ -268,7 +267,7 @@ def decode_body(msg, s):
         msg["X-MIME-Autoconverted"] = \
             "failed conversion from %s to text/plain by %s id %s" \
             % (content_type, g.host_name, command.split()[0])
-    os.remove(filename)
+    tmpfile.close()  # Will be removed on close
 
     return s
 
A program to decode MIME messages.