Message146603
> With the default whitespace escaping (which allows spaces in
> filenames), wildcard matching still works (thus the list of
> directories matching the "../py*" pattern), but with full quoting it
> breaks (thus the "nothing named '../py*'" result).
My question is why it would be a good idea to make a difference between
whitespace and other characters. If you use a wildcard pattern,
generally it won't contain spaces at all, so you don't have to quote it.
If you are injecting a normal filename, noticing that whitespace gets
quoted may get you a false sense of security until somebody injects a
wildcard character that won't get quoted.
So what I'm saying is that a middle ground between quoting and no quoting
is dangerous and not very useful.
Date | User | Action | Args
2011-10-29 11:16:53 | pitrou | set | recipients: + pitrou, ncoghlan, eric.araujo, alex, cvrebert
2011-10-29 11:16:52 | pitrou | link | issue13238 messages
2011-10-29 11:16:52 | pitrou | create |
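An added illustration of the point raised in this message (not code from the tracker or from the patch under discussion): it compares what `/bin/sh` receives when an untrusted name is escaped for whitespace only versus fully quoted with `shlex.quote`. The helper `escape_whitespace_only` and the sample file names are assumptions constructed for this example.

```python
import os
import re
import shlex
import subprocess
import tempfile

FILES = ["my report.txt", "notes.txt", "secret.key"]  # constructed sample files


def escape_whitespace_only(arg):
    """Hypothetical 'middle ground' helper: backslash-escape whitespace only."""
    return re.sub(r"(\s)", r"\\\1", arg)


def shell_words(fragment, cwd):
    """Return the arguments /bin/sh actually produces for an escaped fragment."""
    proc = subprocess.run("printf '%s\\n' " + fragment, shell=True, cwd=cwd,
                          capture_output=True, text=True, check=True)
    return proc.stdout.splitlines()


def demo():
    """Map each untrusted name to (whitespace-escaped result, fully quoted result)."""
    results = {}
    with tempfile.TemporaryDirectory() as cwd:
        for name in FILES:
            open(os.path.join(cwd, name), "w").close()
        for untrusted in ["my report.txt", "*"]:
            partial = shell_words(escape_whitespace_only(untrusted), cwd)
            full = shell_words(shlex.quote(untrusted), cwd)
            results[untrusted] = (sorted(partial), full)
    return results


if __name__ == "__main__":
    for name, (partial, full) in demo().items():
        print(f"{name!r}: whitespace-only -> {partial}, shlex.quote -> {full}")
```

The name containing a space comes through as one argument either way, which is the false sense of security described above; the `*` name stays a single literal argument only under full quoting.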