Author serhiy.storchaka
Recipients Ramchandra Apte, Rod.Nayfield, roger.serwy, serhiy.storchaka, terry.reedy
Date 2013-01-12.14:56:39
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <1358002600.2.0.359024299536.issue16829@psf.upfronthosting.co.za>
In-reply-to
Content
No surrounding %%s with quotes, nor changing to %%r doesn't work in all cases, because Python and shell use different quoting schemas. The only solution is using shlex.quote (which available only since 3.3). But even in this case we should be careful, this can break user code if user has "fixed" the issue by surrounding %%s with quotes (singular or double) or changing to %%r. Perhaps we should substitute not only bare %%s, but also "%%s", '%%s' and %%r.

Ramchandra's patch doesn't help. First, shlex.split will fail in the same way as a shell. Second, we must run the command via shell, because user can use pipe or redirection.
History
Date User Action Args
2013-01-12 14:56:40serhiy.storchakasetrecipients: + serhiy.storchaka, terry.reedy, roger.serwy, Ramchandra Apte, Rod.Nayfield
2013-01-12 14:56:40serhiy.storchakasetmessageid: <1358002600.2.0.359024299536.issue16829@psf.upfronthosting.co.za>
2013-01-12 14:56:40serhiy.storchakalinkissue16829 messages
2013-01-12 14:56:39serhiy.storchakacreate