Doesn't work, if path to .img file contains spaces.

I can confirm this bug..

I was trying to write the image from:
"/home/ruben/Área de Trabalho/ubuntu-9.04-netbook-remix-i386.img"

And the application did nothing.

Then I tried from:
"/home/ruben/ubuntu-9.04-netbook-remix-i386.img"

And it worked as expected.

I can also confirm this bug.

It works after I make sure none of the path has spaces.

I have the same problem. I fixed this in the python code by encapsulating the source file in double quotes. This way it passes both the file check as will as the "dd" command. I no longer have any trouble writing images that have a space in the path.

Please let me know if I generated this patch file correctly and if this is the appropriate manner in which to submit this fix. Thanks!

I have attached a .debdiff for the package changes. I am requesting sponsorship from ubuntu-universe-sponsors. This is my first time submitting a package change and asking for sponsorship. I would welcome input as to whether or not I have followed the correct procedure for this. Thanks!

This bug was fixed in the package usb-imagewriter - 0.1.3-0ubuntu2

---------------
usb-imagewriter (0.1.3-0ubuntu2) karmic; urgency=low

  [ Siegfried-Angel Gevattder Pujals ]
  * debian/control:
     - Move website to Homepage field.
     - Add a Dependency on python-glade2 (LP: #370297).
     - Bump Standards-Version to 3.8.1.
  * share/applications/imagewriter.desktop:
     - Use "gksu" instead of "gksudo" (LP: #376427).
  * debian/po, debian/rules, debian/install, debian/control:
     - Install all translations available on Launchpad.
  * Fix debian/watch, and little changes to debian/imagewriter.1.

  [ Mike Szczys ]
  * Applied patch to handle spaces in image path (LP: #366607)
     - lib/imagewriter.py: line 101: encapsulated source in double
       quotes so that it can be used with "ls -l" and "dd" commands
       even if the path includes spaces.

 -- Siegfried-Angel Gevatter Pujals <email address hidden> Fri, 12 Jun 2009 13:50:59 +0200

Re-opened because the fix given is half-assed and still fails if the filename contains a double quote. Here is a patch that uses a proper list for the Popen arguments, with shell=False. More secure as well...

Just realized there have been more changes in karmic. I'll post another, more up-to-date patch in a minute or two...

New patch (0ubuntu3). Urgency set to critical because this bug (and it's first fix) enable a possible command-injection security problem into a root process, which this patch fixes.

Requesting sponsorship to get this pushed in time for karmic, because of the command injection problem.

Re-requesting sponsorship to get this pushed in time for karmic, because of the command injection problem.

This bug was fixed in the package usb-imagewriter - 0.1.3-0ubuntu3

---------------
usb-imagewriter (0.1.3-0ubuntu3) karmic; urgency=critical

  * lib/imagewriter.py: New patch to handle spaces in image path (LP: #366607)
     - This patch fixes a possible command-injection security error, which is
       the reason for the urgency=critical.
     - Removed encapsulation in quotes from line 101, as described in the lower
       change, because that would fail if the path contained quotes.
     - Used a proper argument list instead of string in both Popen statements.
     - Changed shell=True to shell=False because it is no longer needed.

 -- Christopher Pavlina <email address hidden> Sat, 17 Oct 2009 22:55:27 -0400