Message 328484 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	Yhojann Aguilera
Recipients	Yhojann Aguilera
Date	2018-10-25.20:20:14
SpamBayes Score	-1.0
Marked as misclassified	Yes
Message-id	<1540498814.71.0.788709270274.issue35071@psf.upfronthosting.co.za>
In-reply-to

Content
The functios like as PyUnicode_FromString use a printf format in char array argument. Example: PyUnicode_FromString("a%22b"); in module interprete the %22 as 22 blank spaces. A double quote in module add a backslash. Poc: Y try send a string from c++ to python string using: PyObject* pyString = PyUnicode_FromString("/abc/def.html/a%22.php?abc=&def=%22;%00s%01"); .... PyObject* pyArgs = Py_BuildValue("(z)", pyString); ... PyObject_CallObject(pFunc, pyArgs); But in script the string is bad: function(data): print(data) The result is: /abc/def.html/a bogus %pp?abc=&def= %;(null)%

The functios like as PyUnicode_FromString use a printf format in char array argument. Example: PyUnicode_FromString("a%22b"); in module interprete the %22 as 22 blank spaces. A double quote in module add a backslash. Poc:

Y try send a string from c++ to python string using:

PyObject* pyString = PyUnicode_FromString("/abc/def.html/a%22.php?abc=&def=%22;%00s%01");
....
PyObject* pyArgs = Py_BuildValue("(z)", pyString);
...
PyObject_CallObject(pFunc, pyArgs);

But in script the string is bad:

function(data):
    print(data)

The result is:

/abc/def.html/a              bogus %pp?abc=&def=                    %;(null)%

History
Date	User	Action	Args
2018-10-25 20:20:14	Yhojann Aguilera	set	recipients: + Yhojann Aguilera
2018-10-25 20:20:14	Yhojann Aguilera	set	messageid: <1540498814.71.0.788709270274.issue35071@psf.upfronthosting.co.za>
2018-10-25 20:20:14	Yhojann Aguilera	link	issue35071 messages
2018-10-25 20:20:14	Yhojann Aguilera	create