From 593028b3fb870ede9e2d55d78df3231bda08abbb Mon Sep 17 00:00:00 2001
From: Sindre Stephansen
Date: Mon, 16 Mar 2020 21:10:02 +0100
Subject: [PATCH] Fix OS remote code execution Fixes #6
---
 src/app/views/project.py | 8 ++------
 1 file changed, 2 insertions(+), 6 deletions(-)
diff --git a/src/app/views/project.py b/src/app/views/project.py
index b85a21e..83a42ce 100755
--- a/src/app/views/project.py
+++ b/src/app/views/project.py
@@ -64,14 +64,10 @@ class Project:
 # Create the project directory if it doesnt exist
 path = 'static/project' + data.projectid
 if not os.path.isdir(path):
- command = 'mkdir ' + path
- os.popen(command)
- sleep(0.2)
+ os.mkdir(path)
 path = path + '/task' + data.taskid
 if not os.path.isdir(path):
- command = 'mkdir ' + path
- os.popen(command)
- sleep(0.2)
+ os.mkdir(path)
 open(path + '/' + fn, 'wb').write(fileitem.file.read())
 models.project.set_task_file(data.taskid, (path + "/" + fn))
 except:
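Review bot: The paths given to `os.mkdir` and `open` are still built by concatenating `data.projectid`, `data.taskid` and `fn`, so dropping the shell call removes command injection but leaves path traversal open if those values come straight from the request (their origin is above the hunk, so this is inferred). If the ids are numeric, as their names suggest, I would reject anything else before building `path`, e.g. `if not (data.projectid.isdigit() and data.taskid.isdigit()): raise ValueError('invalid id')`, and reduce the upload name with `fn = os.path.basename(fn)` unless that already happens earlier. The two check-then-create pairs could also become a single `os.makedirs(path, exist_ok=True)` once the task segment is appended, which removes the window between `isdir` and `mkdir` when two uploads arrive together. The enclosing method and its `try` start before the hunk, and the bare `except:` body continues past it.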