Message115263
The only way to safely build shell command lines from inside of Python — which is necessary when sending commands across SSH, since that behaves like os.system() rather than like subprocess.call() — is to use the wonderful pipes.call() method to turn possibly-dangerous arguments, like filenames that might have spaces, special characters, and embedded "rm -r" calls, into perfectly quoted strings for an "sh"-like shell (say, bash or zsh).
This call is already recommended on mailing lists, blog posts, and Stack Overflow — and since it doesn't start with a "_", I think its public use is fair game. But the "pipes" documentation itself doesn't officially mention or support it. I think it should be added to the Standard Library documentation for "pipes". So. Yeah. |
|
Date |
User |
Action |
Args |
2010-08-31 13:40:14 | brandon-rhodes | set | recipients:
+ brandon-rhodes, docs@python |
2010-08-31 13:40:14 | brandon-rhodes | set | messageid: <1283262014.72.0.527039259842.issue9723@psf.upfronthosting.co.za> |
2010-08-31 13:40:12 | brandon-rhodes | link | issue9723 messages |
2010-08-31 13:40:11 | brandon-rhodes | create | |
|