From 3bf3603bae502e52a0acd0a85a10466c3f1dbee1 Mon Sep 17 00:00:00 2001
From: Victor Kareh <vkareh@redhat.com>
Date: Fri, 29 Aug 2025 16:17:52 -0400
Subject: Use subprocess calls instead of os.system

This removes the possibility of shell injection vulnerabilities.
---
 examples/open-terminal.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'examples/open-terminal.py')

diff --git a/examples/open-terminal.py b/examples/open-terminal.py
index 935d894..ff0909e 100644
--- a/examples/open-terminal.py
+++ b/examples/open-terminal.py
@@ -1,5 +1,6 @@
 # This example is contributed by Martin Enlund
 import os
+import subprocess
 
 from gi.repository import Caja, GObject, Gio
 
@@ -15,7 +16,7 @@ class OpenTerminalExtension(Caja.MenuProvider, GObject.GObject):
         terminal = self.gsettings[TERMINAL_KEY]
 
         os.chdir(filename)
-        os.system('%s &' % terminal)
+        subprocess.Popen([terminal], cwd=filename)
         
     def menu_activate_cb(self, menu, file):
         self._open_terminal(file)
-- 
cgit v1.2.1