Snippet: The leanest Popen wrapper

Thomas Rachel nutznetz-0c1b6768-bfa9-48d5-a470-7603bd3aa915 at spamschutz.glglgl.de
Thu Aug 4 04:10:48 EDT 2011


On 03.08.2011 19:27, Chris Rebert wrote:

>>                      shell= True,
>
> I would strongly encourage you to avoid shell=True.

ACK, but not because it is hard, but because it is unnecessary and 
inelegant at this point.

> You really don't want to have to worry about doing proper shell escaping yourself.

That's nothing to really worry about - just doing

def shellquote(*strs):
    # Wrap each argument in single quotes; an embedded ' becomes '\''
    return " ".join([
        "'" + st.replace("'", "'\\''") + "'"
        for st in strs
    ])

would do perfectly: shellquote('echo', "'", '"', " ", "\n")
If you emit a command line over ssh, for example, you don't have another 
simple choice.

There are only worries if there is a shell which better shouldn't be 
named like this. As you generally cannot know what ugly things the user 
of your program does, it is better to avoid the additional shell layer.

So I generally agree with what you say, but it is not the proper shell 
escaping one should worry about (it is so simple that one cannot call it 
"worry"), but the type of shell one talks with.

Thomas
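
An added example, not part of the original post: it checks the single-quote rule from the message against Python's POSIX word splitter and a real /bin/sh, and sets it beside the shell-free argv form and the ssh case. It assumes a POSIX /bin/sh is present; `host.example`, the sample arguments and the helper names other than `shellquote` are constructed for illustration.

```python
import shlex
import subprocess
import sys

def shellquote(*strs):
    # The post's rule: wrap each argument in '...' and write an embedded ' as '\''
    return " ".join("'" + st.replace("'", "'\\''") + "'" for st in strs)

# Constructed sample arguments: the ones from the post plus other shell metacharacters.
SAMPLES = ["echo", "'", '"', " ", "\n", "$HOME", "`id`", "a;b", "*", ""]

def roundtrips_in_parser(args):
    """True if POSIX-style word splitting of the quoted line gives back args."""
    return shlex.split(shellquote(*args)) == list(args)

def via_sh(args):
    """Have /bin/sh (assumed POSIX) parse the quoted line; return the words it saw."""
    line = "printf '%s\\0' " + shellquote(*args)  # each word printed NUL-terminated
    out = subprocess.run(["/bin/sh", "-c", line], stdout=subprocess.PIPE, check=True)
    return out.stdout.decode().split("\0")[:-1]

def via_argv(args):
    """No shell layer: the list goes to the child unchanged, nothing to quote."""
    code = "import sys; sys.stdout.write('\\0'.join(sys.argv[1:]))"
    out = subprocess.run([sys.executable, "-c", code, *args],
                         stdout=subprocess.PIPE, check=True)
    return out.stdout.decode().split("\0")

def ssh_argv(host, *remote_args):
    """The ssh case: the remote side re-parses one string, so quote it locally.
    Only builds the argv; host is a placeholder and nothing is executed."""
    return ["ssh", host, shellquote(*remote_args)]

if __name__ == "__main__":
    print(shellquote(*SAMPLES))
    print(roundtrips_in_parser(SAMPLES),
          via_sh(SAMPLES) == SAMPLES,
          via_argv(SAMPLES) == SAMPLES)
    print(ssh_argv("host.example", "ls", "-l", "my file"))
```

The standard library's `shlex.quote` (Python 3.3 and later) applies an equivalent single-quote scheme and, like `shellquote`, targets POSIX shells only.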


