This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author pitrou
Recipients alex, cvrebert, eric.araujo, ncoghlan, pitrou
Date 2011-10-29.11:16:52
SpamBayes Score 4.08102e-06
Marked as misclassified No
Message-id <1319886757.3244.4.camel@localhost.localdomain>
In-reply-to <1319852415.39.0.944796154343.issue13238@psf.upfronthosting.co.za>
Content 
>  With the default whitespace escaping (which allows spaces in
> filenames), wildcard matching still works (thus the list of
> directories matching the "../py*" pattern), but with full quoting it
> breaks (thus the "nothing named '../py*'" result).

My question is why it would be a good idea to make a difference between
whitespace and other characters. If you use a wildcard pattern,
generally it won't contain spaces at all, so you don't have to quote it.
If you are injecting a normal filename, noticing that whitespace gets
quoted may get you a false sense of security until somebody injects a
wildcard character that won't get quoted.

So what I'm saying is that a middleground between quoting and no quoting
is dangerous and not very useful.
History
Date User Action Args
2011-10-29 11:16:53pitrousetrecipients: + pitrou, ncoghlan, eric.araujo, alex, cvrebert
2011-10-29 11:16:52pitroulinkissue13238 messages
2011-10-29 11:16:52pitroucreate