[Python-checkins] cpython (3.2): Fix placement of shell=True warning in subprocess.Popen() docs.

chris.jerdonek python-checkins at python.org
Thu Oct 11 08:01:00 CEST 2012 

http://hg.python.org/cpython/rev/42bddca6b2b1
changeset:   79660:42bddca6b2b1
branch:      3.2
parent:      79656:41ffed580eef
user:        Chris Jerdonek <chris.jerdonek at gmail.com>
date:        Wed Oct 10 22:52:22 2012 -0700
summary:
  Fix placement of shell=True warning in subprocess.Popen() docs.

files:
  Doc/library/subprocess.rst |  16 ++++++++--------
  1 files changed, 8 insertions(+), 8 deletions(-)


diff --git a/Doc/library/subprocess.rst b/Doc/library/subprocess.rst
--- a/Doc/library/subprocess.rst
+++ b/Doc/library/subprocess.rst
@@ -260,8 +260,8 @@
       untrusted source makes a program vulnerable to `shell injection
       <http://en.wikipedia.org/wiki/Shell_injection#Shell_injection>`_,
       a serious security flaw which can result in arbitrary command execution.
-      For this reason, the use of *shell=True* is **strongly discouraged** in cases
-      where the command string is constructed from external input::
+      For this reason, the use of ``shell=True`` is **strongly discouraged**
+      in cases where the command string is constructed from external input::
 
          >>> from subprocess import call
          >>> filename = input("What file would you like to display?\n")
@@ -346,18 +346,18 @@
 
       Popen(['/bin/sh', '-c', args[0], args[1], ...])
 
-   .. warning::
-
-      Enabling this option can be a security hazard if combined with untrusted
-      input. See the warning under :ref:`frequently-used-arguments`
-      for details.
-
    On Windows with ``shell=True``, the :envvar:`COMSPEC` environment variable
    specifies the default shell.  The only time you need to specify
    ``shell=True`` on Windows is when the command you wish to execute is built
    into the shell (e.g. :command:`dir` or :command:`copy`).  You do not need
    ``shell=True`` to run a batch file or console-based executable.
 
+   .. warning::
+
+      Passing ``shell=True`` can be a security hazard if combined with
+      untrusted input.  See the warning under :ref:`frequently-used-arguments`
+      for details.
+
    *bufsize*, if given, has the same meaning as the corresponding argument to the
    built-in open() function: :const:`0` means unbuffered, :const:`1` means line
    buffered, any other positive value means use a buffer of (approximately) that

-- 
Repository URL: http://hg.python.org/cpython

More information about the Python-checkins mailing list