[New-bugs-announce] [issue8987] Distutils doesn't quote Windows command lines properly
Matt Giuca
report at bugs.python.org
Sun Jun 13 07:22:53 CEST 2010
New submission from Matt Giuca <matt.giuca at gmail.com>:
I discovered this investigating a bug report that python-cjson doesn't compile properly on Windows (http://pypi.python.org/pypi/python-cjson). Cjson's setup.py asks distutils to compile with the flag '-DMODULE_VERSION="1.0.5"', but distutils.spawn._nt_quote_args is not escaping the quotes correctly.
Specifically, the current behaviour is:
>>> distutils.spawn._nt_quote_args(['-DMODULE_VERSION="1.0.5"'])
['-DMODULE_VERSION="1.0.5"']
I expect the following:
>>> distutils.spawn._nt_quote_args(['-DMODULE_VERSION="1.0.5"'])
['"-DMODULE_VERSION=""1.0.5"""']
Not surprising, since that function contains a big comment:
# XXX this doesn't seem very robust to me -- but if the Windows guys
# say it'll work, I guess I'll have to accept it. (What if an arg
# contains quotes? What other magic characters, other than spaces,
# have to be escaped? Is there an escaping mechanism other than
# quoting?)
It only escapes spaces, and that's it. I've proposed a patch which escapes the following characters properly: "&()<>^| (as far as I can tell, these are the "reserved" characters on Windows).
Note: I did not escape * or ?, the wildcard characters. As far as I can tell, these only have special meaning on the command-line itself, and not when supplied to a program.
Alternatively, it could call subprocess.list2cmdline (but there seem to be issues with that: http://bugs.python.org/issue8972).
----------
assignee: tarek
components: Distutils
files: spawn.patch
keywords: patch
messages: 107722
nosy: mgiuca, tarek
priority: normal
severity: normal
status: open
title: Distutils doesn't quote Windows command lines properly
versions: Python 2.6
Added file: http://bugs.python.org/file17653/spawn.patch
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue8987>
_______________________________________
More information about the New-bugs-announce
mailing list