Author brandon-rhodes
Recipients brandon-rhodes, docs@python
Date 2010-08-31.13:40:11
SpamBayes Score 2.09516e-07
Marked as misclassified No
Message-id <1283262014.72.0.527039259842.issue9723@psf.upfronthosting.co.za>
In-reply-to
Content
The only way to safely build shell command lines from inside of Python — which is necessary when sending commands across SSH, since that behaves like os.system() rather than like subprocess.call() — is to use the wonderful pipes.call() method to turn possibly-dangerous arguments, like filenames that might have spaces, special characters, and embedded "rm -r" calls, into perfectly quoted strings for an "sh"-like shell (say, bash or zsh).

This call is already recommended on mailing lists, blog posts, and Stack Overflow — and since it doesn't start with a "_", I think its public use is fair game. But the "pipes" documentation itself doesn't officially mention or support it. I think it should be added to the Standard Library documentation for "pipes". So. Yeah.
History
Date User Action Args
2010-08-31 13:40:14brandon-rhodessetrecipients: + brandon-rhodes, docs@python
2010-08-31 13:40:14brandon-rhodessetmessageid: <1283262014.72.0.527039259842.issue9723@psf.upfronthosting.co.za>
2010-08-31 13:40:12brandon-rhodeslinkissue9723 messages
2010-08-31 13:40:11brandon-rhodescreate