This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author lemburg
Recipients David.Benjamin, jcea, lemburg, pitrou, python-dev, vstinner
Date 2012-10-05.06:50:29
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <>
In-reply-to <>
> The implementation of platform.architecture shells out to the file command. It tries to escape quotes by replacing " with \", but that's not sufficient.
> $ python3.2 -c 'import platform; platform.architecture("foo\\\"; echo Hi there > /tmp/Z; echo \\\"")' && cat /tmp/Z
> Hi there
> Here's a patch to make it use subprocess instead. I haven't tested it thoroughly building everything from trunk and running tests, but I verified it works by replacing the in my system Python install.

I think a much better patch would be to test for existence of the
file in question. File names rarely use any of the mentioned quoting
and most certainly not for an executable, so if the check fails, that's
a good indication that something is not right.

Perhaps such a check could be added in addition to the other things
in the patch ?

BTW: It's probably better to discuss such patches on the tracker first,
before applying them to the code base. It becomes difficult discussing
patches that have already been partially applied to the code.

Marc-Andre Lemburg

Professional Python Services directly from the Source  (#1, Oct 05 2012)
>>> Python Projects, Consulting and Support ...
>>> mxODBC.Zope/Plone.Database.Adapter ...
>>> mxODBC, mxDateTime, mxTextTools ...
2012-09-27: Released eGenix PyRun 1.1.0 ...
2012-09-26: Released mxODBC.Connect 2.0.1 ...
2012-09-25: Released mxODBC 3.2.1 ...   
2012-10-23: Python Meeting Duesseldorf ...                 18 days to go Software, Skills and Services GmbH  Pastor-Loeh-Str.48
    D-40764 Langenfeld, Germany. CEO Dipl.-Math. Marc-Andre Lemburg
           Registered at Amtsgericht Duesseldorf: HRB 46611
Date User Action Args
2012-10-05 06:50:30lemburgsetrecipients: + lemburg, jcea, pitrou, vstinner, python-dev, David.Benjamin
2012-10-05 06:50:30lemburglinkissue16112 messages
2012-10-05 06:50:29lemburgcreate