This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Title: pipes.quote does not correctly escape !
Type: behavior Stage: test needed
Components: Library (Lib) Versions: Python 3.1, Python 3.2, Python 2.7, Python 2.6
Status: closed Resolution: fixed
Dependencies: Superseder:
Assigned To: georg.brandl Nosy List: bgertzfield, eric.smith, georg.brandl, jjwiseman, r.david.murray, tim.peters
Priority: normal Keywords: patch

Created on 2009-12-14 21:48 by bgertzfield, last changed 2022-04-11 14:56 by admin. This issue is now closed.

File name Uploaded Description Edit
pipes.diff georg.brandl, 2010-01-09 23:00
Messages (5)
msg96405 - (view) Author: Ben Gertzfield (bgertzfield) Date: 2009-12-14 21:48
The undocumented (but unit tested!) pipes.quote does not correctly 
escape '!', which cannot be passed to the shell outside of single-

sh-3.2$ python
Python 2.6.1 (r261:67515, Jul  7 2009, 23:51:51) 
[GCC 4.2.1 (Apple Inc. build 5646)] on darwin
Type "help", "copyright", "credits" or "license" for more information.
>>> import pipes
>>> pipes.quote("omgshoes!")

sh-3.2$ echo "omgshoes!"
sh: !": event not found

bash-3.2$ echo "omgshoes!"
bash: !": event not found

zsh-4.3.9% echo "omgshoes!"

This needs to be single-quoted for safety:

sh-3.2$ echo 'omgshoes!'
bash-3.2$ echo 'omgshoes!'
zsh-4.3.9% echo 'omgshoes!'
msg97454 - (view) Author: Georg Brandl (georg.brandl) * (Python committer) Date: 2010-01-09 10:25
I'm attaching a patch that changes quote() logic.  It also fixes #7476, the empty argument case.

Strings with unsafe characters are now always quoted with single quotes. Single quotes themselves are replaced by a single quote in double quotes, so that




which I believe is portable across all commonly used shells.

(Another implementation would be to just backslash-quote all unsafe chars, but it makes for less readable results.)

Assigning to David for review -- you recently claimed to like shells :)
msg97476 - (view) Author: Georg Brandl (georg.brandl) * (Python committer) Date: 2010-01-09 23:00
Really adding the patch now.
msg97489 - (view) Author: R. David Murray (r.david.murray) * (Python committer) Date: 2010-01-10 01:58
The patch looks good to me, except that one test fails.  You seem to have inadvertently deleted the '=' from the safe chars list in the test.

We should also add a test for the '' case.  And presumably the docs requested in the other ticket...
msg104069 - (view) Author: Georg Brandl (georg.brandl) * (Python committer) Date: 2010-04-24 09:08
Fixed in r80433.
Date User Action Args
2022-04-11 14:56:55adminsetgithub: 51756
2010-04-24 09:08:23georg.brandlsetstatus: open -> closed
assignee: r.david.murray -> georg.brandl
resolution: fixed
messages: + msg104069
2010-01-10 01:58:06r.david.murraysetpriority: normal

stage: test needed
messages: + msg97489
versions: + Python 3.1, Python 2.7, Python 3.2
2010-01-09 23:00:39georg.brandlsetfiles: + pipes.diff
keywords: + patch
messages: + msg97476
2010-01-09 10:25:25georg.brandlsetassignee: r.david.murray

messages: + msg97454
nosy: + r.david.murray, georg.brandl
2009-12-14 21:48:29bgertzfieldcreate