Message146150
Hum, in:
return_code = shellcmd.shell_call('ls -l {}', dirname)
listing = shellcmd.check_shell_output('ls -l {}', dirname)
...how do you know that dirname doesn't need some kind of escaping?
This is not only a security issue, but a bug. Even if security doesn't matter on your system, your script will still break and/or do unexpected things.
Also, I don't really understand how your recipe improves things. You're just saving one call to .format(). You would probably have the same saving by using the % operator. |
|
Date |
User |
Action |
Args |
2011-10-21 23:13:23 | pitrou | set | recipients:
+ pitrou, ncoghlan, eric.araujo, alex, cvrebert |
2011-10-21 23:13:23 | pitrou | set | messageid: <1319238803.66.0.0206882441393.issue13238@psf.upfronthosting.co.za> |
2011-10-21 23:13:23 | pitrou | link | issue13238 messages |
2011-10-21 23:13:22 | pitrou | create | |
|