Author steve.dower
Recipients Arfrever, PedanticHacker, devplayer, eryksun, jbmilam, joncwchao, python-dev, r.david.murray, steve.dower
Date 2015-09-07.05:49:52
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <1441604994.88.0.396817085759.issue8232@psf.upfronthosting.co.za>
In-reply-to
Content
Here's an alternate patch I proposed on #25005 before we decided to back out the change.

The problem is that subprocess.call() with shell=True is unsafe because we don't escape shell operators (such as &, <, >, |).

The fix in this patch is to allow passing arguments to os.startfile so we can use that instead. Arguments do not need to be escaped in this case.
History
Date User Action Args
2015-09-07 05:49:55steve.dowersetrecipients: + steve.dower, Arfrever, r.david.murray, joncwchao, devplayer, python-dev, eryksun, jbmilam, PedanticHacker
2015-09-07 05:49:54steve.dowersetmessageid: <1441604994.88.0.396817085759.issue8232@psf.upfronthosting.co.za>
2015-09-07 05:49:54steve.dowerlinkissue8232 messages
2015-09-07 05:49:54steve.dowercreate