[Python-checkins] cpython (2.7): Backport from 3.2: Fix placement of shell=True warning in subprocess.Popen()
chris.jerdonek
python-checkins at python.org
Thu Oct 11 08:01:04 CEST 2012
http://hg.python.org/cpython/rev/bbdb90bf2692
changeset: 79663:bbdb90bf2692
branch: 2.7
parent: 79659:f051e37ac11d
user: Chris Jerdonek <chris.jerdonek at gmail.com>
date: Wed Oct 10 22:58:57 2012 -0700
summary:
Backport from 3.2: Fix placement of shell=True warning in subprocess.Popen() docs.
files:
Doc/library/subprocess.rst | 19 ++++++++-----------
1 files changed, 8 insertions(+), 11 deletions(-)
diff --git a/Doc/library/subprocess.rst b/Doc/library/subprocess.rst
--- a/Doc/library/subprocess.rst
+++ b/Doc/library/subprocess.rst
@@ -243,8 +243,8 @@
untrusted source makes a program vulnerable to `shell injection
<http://en.wikipedia.org/wiki/Shell_injection#Shell_injection>`_,
a serious security flaw which can result in arbitrary command execution.
- For this reason, the use of *shell=True* is **strongly discouraged** in cases
- where the command string is constructed from external input::
+ For this reason, the use of ``shell=True`` is **strongly discouraged**
+ in cases where the command string is constructed from external input::
>>> from subprocess import call
>>> filename = input("What file would you like to display?\n")
@@ -334,6 +334,12 @@
into the shell (e.g. :command:`dir` or :command:`copy`). You do not need
``shell=True`` to run a batch file or console-based executable.
+ .. warning::
+
+ Passing ``shell=True`` can be a security hazard if combined with
+ untrusted input. See the warning under :ref:`frequently-used-arguments`
+ for details.
+
*bufsize*, if given, has the same meaning as the corresponding argument to the
built-in open() function: :const:`0` means unbuffered, :const:`1` means line
buffered, any other positive value means use a buffer of (approximately) that
@@ -375,15 +381,6 @@
child process. Note that on Windows, you cannot set *close_fds* to true and
also redirect the standard handles by setting *stdin*, *stdout* or *stderr*.
- If *shell* is :const:`True`, the specified command will be executed through the
- shell.
-
- .. warning::
-
- Enabling this option can be a security hazard if combined with untrusted
- input. See the warning under :ref:`frequently-used-arguments`
- for details.
-
If *cwd* is not ``None``, the child's current directory will be changed to *cwd*
before it is executed. Note that this directory is not considered when
searching the executable, so you can't specify the program's path relative to
--
Repository URL: http://hg.python.org/cpython
More information about the Python-checkins
mailing list