Index: Python/sysmodule.c =================================================================== --- Python/sysmodule.c (révision 81381) +++ Python/sysmodule.c (copie de travail) @@ -1649,7 +1649,7 @@ } void -PySys_SetArgv(int argc, char **argv) +PySys_SetArgvEx(int argc, char **argv, int updatepath) { #if defined(HAVE_REALPATH) char fullpath[MAXPATHLEN]; @@ -1662,7 +1662,7 @@ Py_FatalError("no mem for sys.argv"); if (PySys_SetObject("argv", av) != 0) Py_FatalError("can't assign sys.argv"); - if (path != NULL) { + if (updatepath && path != NULL) { char *argv0 = argv[0]; char *p = NULL; Py_ssize_t n = 0; @@ -1752,7 +1752,13 @@ Py_DECREF(av); } +void +PySys_SetArgv(int argc, char **argv) +{ + PySys_SetArgvEx(argc, argv, 1); +} + /* APIs to write to sys.stdout or sys.stderr using a printf-like interface. Adapted from code submitted by Just van Rossum. Index: Include/sysmodule.h =================================================================== --- Include/sysmodule.h (révision 81381) +++ Include/sysmodule.h (copie de travail) @@ -11,6 +11,7 @@ PyAPI_FUNC(int) PySys_SetObject(char *, PyObject *); PyAPI_FUNC(FILE *) PySys_GetFile(char *, FILE *); PyAPI_FUNC(void) PySys_SetArgv(int, char **); +PyAPI_FUNC(void) PySys_SetArgvEx(int, char **, int); PyAPI_FUNC(void) PySys_SetPath(char *); PyAPI_FUNC(void) PySys_WriteStdout(const char *format, ...) Index: Doc/c-api/init.rst =================================================================== --- Doc/c-api/init.rst (révision 81381) +++ Doc/c-api/init.rst (copie de travail) @@ -22,6 +22,7 @@ module: sys triple: module; search; path single: PySys_SetArgv() + single: PySys_SetArgvEx() single: Py_Finalize() Initialize the Python interpreter. In an application embedding Python, this @@ -31,7 +32,7 @@ the table of loaded modules (``sys.modules``), and creates the fundamental modules :mod:`__builtin__`, :mod:`__main__` and :mod:`sys`. It also initializes the module search path (``sys.path``). It does not set ``sys.argv``; use - :cfunc:`PySys_SetArgv` for that. This is a no-op when called for a second time + :cfunc:`PySys_SetArgvEx` for that. This is a no-op when called for a second time (without calling :cfunc:`Py_Finalize` first). There is no return value; it is a fatal error if the initialization fails. @@ -338,7 +339,7 @@ ``sys.version``. -.. cfunction:: void PySys_SetArgv(int argc, char **argv) +.. cfunction:: void PySys_SetArgvEx(int argc, char **argv, int updatepath) .. index:: single: main() @@ -353,14 +354,34 @@ string. If this function fails to initialize :data:`sys.argv`, a fatal condition is signalled using :cfunc:`Py_FatalError`. - This function also prepends the executed script's path to :data:`sys.path`. - If no script is executed (in the case of calling ``python -c`` or just the - interactive interpreter), the empty string is used instead. + If *updatepath* is zero, this is all the function does. If *updatepath* + is non-zero, the function also modifies :data:`sys.path` according to the + following algorithm: + + - If the name of an existing script is passed in ``argv[0]``, its absolute + path is prepended to :data:`sys.path` + - Otherwise (that is, if *argc* is 0 or ``argv[0]`` doesn't point + to an existing file name), an empty string is prepended to + :data:`sys.path`, which is the same as prepending the current working + directory (``"."``). + .. note:: + It is recommended that applications embedding the Python interpreter + for purposes other than executing a single script pass 0 as *updatepath*, + and update :data:`sys.path` themselves if desired. + See `CVE-2008-5983 `_. + + .. versionadded:: 2.6.6 + .. XXX impl. doesn't seem consistent in allowing 0/NULL for the params; check w/ Guido. +.. cfunction:: void PySys_SetArgv(int argc, char **argv) + + This function works like :cfunc:`PySys_SetArgv` with *updatepath* set to 1. + + .. cfunction:: void Py_SetPythonHome(char *home) Set the default "home" directory, that is, the location of the standard