Committed patch from Sabin Iacob to sanitize a user's psk, to prevent possible parsing errors and security risks.

misc.py

@@ -23,6 +23,7 @@ import locale
 import gettext
 import time
 import sys
+import re
 from subprocess import *
 
 if __name__ == '__main__':
@@ -260,6 +261,10 @@ def error(parent, message):
     dialog.run()
     dialog.destroy()
 
+def shell_escape(data):
+    escape_re = re.compile('(?=[^a-zA-Z0-9_.\/\-\x7F-\xFF])')
+    print 'data is',data
+    return escape_re.sub("\\\\", data)
 
 class LogWriter():
     """ A class to provide timestamped logging. """
@@ -308,7 +313,6 @@ class LogWriter():
             if self.eol: self.file.write('\n')
             self.file.close()
 
-
     def get_time(self):
         """ Return a string with the current time nicely formatted.
 

networking.py

@@ -446,7 +446,8 @@ class WirelessConnectThread(ConnectThread):
                                          re.I | re.M  | re.S)
                 self.network['psk'] = misc.RunRegex(key_pattern,
                         misc.Run('wpa_passphrase "' + self.network['essid'] +
-                                 '" "' + self.network['key'] + '"'))
+                                 '" "' + misc.shell_escape(self.network['key'])
+                                 + '"'))
             # Generate the wpa_supplicant file...
             if self.network.get('enctype') is not None:
                 self.SetStatus('generating_wpa_config')