Message250074
Here's an alternate patch I proposed on #25005 before we decided to back out the change.
The problem is that subprocess.call() with shell=True is unsafe because we don't escape shell operators (such as &, <, >, |).
The fix in this patch is to allow passing arguments to os.startfile so we can use that instead. Arguments do not need to be escaped in this case. |
|
Date |
User |
Action |
Args |
2015-09-07 05:49:55 | steve.dower | set | recipients:
+ steve.dower, Arfrever, r.david.murray, joncwchao, devplayer, python-dev, eryksun, jbmilam, PedanticHacker |
2015-09-07 05:49:54 | steve.dower | set | messageid: <1441604994.88.0.396817085759.issue8232@psf.upfronthosting.co.za> |
2015-09-07 05:49:54 | steve.dower | link | issue8232 messages |
2015-09-07 05:49:54 | steve.dower | create | |
|