From 8c97995c2fc85398c438521e52ef6cfbba3424ed Mon Sep 17 00:00:00 2001
From: Rudi Grinberg
Date: Wed, 21 Nov 2012 12:55:57 -0500
Subject: [PATCH] Added vulnerability where strings would not be escaped when pass to shell command

---
 python_apps/media-monitor2/media/monitor/pure.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/python_apps/media-monitor2/media/monitor/pure.py b/python_apps/media-monitor2/media/monitor/pure.py
index a879f449f..89d902d69 100644
--- a/python_apps/media-monitor2/media/monitor/pure.py
+++ b/python_apps/media-monitor2/media/monitor/pure.py
@@ -6,7 +6,7 @@ import os
 import math
 import wave
 import contextlib
-import shutil
+import shutil, pipes
 import re
 import sys
 import hashlib
@@ -162,7 +162,7 @@ def walk_supported(directory, clean_empties=False):
 def file_locked(path):
- cmd = "lsof %s" % path
+ cmd = "lsof %s" % (pipes.quote(path))
 f = Popen(cmd, shell=True, stdout=PIPE).stdout
 return bool(f.readlines())
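Review bot: The new `import shutil, pipes` puts two modules on one import line while every neighbouring import in this hunk is one per line; splitting it into `import shutil` and `import pipes` keeps the block consistent and makes later diffs cleaner. `pipes.quote` is also an undocumented helper, and the `pipes` module was deprecated and later removed from the Python 3 standard library, so a comment such as `# pipes.quote: switch to shlex.quote when moving to Python 3` next to the import would save the next maintainer a search.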
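Review bot: In `file_locked` the quoted path is still interpolated into a string that runs under `shell=True`, so the fix depends on the quoting being right on every future edit of this line. Passing an argument list removes the shell from the picture: `f = Popen(["lsof", "--", path], stdout=PIPE).stdout`, which makes both the `cmd` line and `pipes.quote` unnecessary. The `--` matters independently of quoting, because a file name that begins with `-` would otherwise be parsed by lsof as an option rather than a path. Separately, the `Popen` object is dropped without `wait()` or `communicate()` and the pipe is never closed, so each call may leave a child process and file descriptor around until garbage collection. Lines following `return bool(f.readlines())` are not visible in this hunk.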