Message 269835 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	r.david.murray
Recipients	klo.uo, r.david.murray, xiang.zhang
Date	2016-07-05.16:14:26
SpamBayes Score	-1.0
Marked as misclassified	Yes
Message-id	<1467735267.36.0.0785412141128.issue27457@psf.upfronthosting.co.za>
In-reply-to

Content
Yes, the point of shlex.quote is to get something that is not special to the shell, and therefore safe to pass to the shell. If you want an & in your command, just pass it, don't quote it. quote is for untrusted data, like filenames received from a user. Or better, don't use shell=True all. (list2cmdline has a different purpose, unique to windows)

Yes, the point of shlex.quote is to get something that is *not* special to the shell, and therefore safe to pass to the shell.  If you *want* an & in your command, just pass it, don't quote it.  quote is for *untrusted* data, like filenames received from a user.

Or better, don't use shell=True all.

(list2cmdline has a different purpose, unique to windows)

History
Date	User	Action	Args
2016-07-05 16:14:27	r.david.murray	set	recipients: + r.david.murray, klo.uo, xiang.zhang
2016-07-05 16:14:27	r.david.murray	set	messageid: <1467735267.36.0.0785412141128.issue27457@psf.upfronthosting.co.za>
2016-07-05 16:14:27	r.david.murray	link	issue27457 messages
2016-07-05 16:14:26	r.david.murray	create