I'll check why this code is still there, but if you look a little more precisely, you'll see that this code is actually never executed (the RefreshThread object is instanciated with the refresh param as False), so unless I missed something there isn't actually any command injection risk.
I'll still have a closer look at this and will come back to you as soon as I have more detailed/confirmed information.
I'll check why this code is still there, but if you look a little more precisely, you'll see that this code is actually never executed (the RefreshThread object is instanciated with the refresh param as False), so unless I missed something there isn't actually any command injection risk.
I'll still have a closer look at this and will come back to you as soon as I have more detailed/confirmed information.