[Python-Dev] subprocess shell=True on Windows doesn't escape ^ character

Chris Angelico rosuav at gmail.com
Thu Jun 12 04:07:19 CEST 2014


On Thu, Jun 12, 2014 at 10:00 AM, anatoly techtonik <techtonik at gmail.com> wrote:
> I thought exactly about that. Usually separate arguments are used to avoid
> problems with escaping of quotes and other stuff.
>
> I'd deprecate subprocess and split it into separate modules. One is about
> shell execution and another one is for secure process control.

ISTM what you want is not shell=True, but a separate function that
follows the system policy for translating a command name into a
path-to-binary. That's something that, AFAIK, doesn't currently exist
in the Python 2 stdlib, but Python 3 has shutil.which(). If there's a
PyPI backport of that for Py2, you should be able to use that to
figure out the command name, and then avoid shell=False.

ChrisA
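
The approach described in this message, as an added example that is not part of the original e-mail: resolve the command name with `shutil.which()` and pass an argument list to `subprocess`, so that no shell parses the arguments. The helper names `resolve_command` and `run_resolved` are hypothetical, and the sample argument is constructed.

```python
import os
import shutil
import subprocess
import sys


def resolve_command(name, path=None):
    """Translate a command name into a path-to-binary (PATH, plus PATHEXT on Windows)."""
    resolved = shutil.which(name, path=path)
    if resolved is None:
        raise FileNotFoundError(f"{name!r} not found on the search path")
    return resolved


def run_resolved(name, args, path=None):
    """Run the resolved binary with an argument list; no shell sees the arguments."""
    argv = [resolve_command(name, path=path), *args]
    result = subprocess.run(
        argv,
        shell=False,  # explicit: arguments are never handed to cmd.exe or /bin/sh
        stdout=subprocess.PIPE,
        stderr=subprocess.PIPE,
        check=True,
    )
    return result.stdout.decode()


def demo():
    # Constructed input: characters that cmd.exe or a POSIX shell would interpret.
    tricky = "a^b & echo injected | more %PATH% $(id)"
    # Target the running interpreter so the demo works offline on any OS.
    interp_dir, interp_name = os.path.split(sys.executable)
    child = "import sys; sys.stdout.write(sys.argv[1])"
    return tricky, run_resolved(interp_name, ["-c", child, tricky], path=interp_dir)


if __name__ == "__main__":
    sent, received = demo()
    print("argument arrives unchanged:", sent == received)
```

On Windows, check what `shutil.which()` resolved to before relying on this: a `.bat` or `.cmd` file is still run through `cmd.exe`, so its arguments are parsed by the shell again.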

