[issue13238] Add shell command helpers to shutil module
Antoine Pitrou
report at bugs.python.org
Sat Oct 22 01:13:23 CEST 2011
Antoine Pitrou <pitrou at free.fr> added the comment:
Hum, in:
return_code = shellcmd.shell_call('ls -l {}', dirname)
listing = shellcmd.check_shell_output('ls -l {}', dirname)
...how do you know that dirname doesn't need some kind of escaping?
This is not only a security issue, but a bug. Even if security doesn't matter on your system, your script will still break and/or do unexpected things.
Also, I don't really understand how your recipe improves things. You're just saving one call to .format(). You would probably have the same saving by using the % operator.
----------
nosy: +pitrou
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue13238>
_______________________________________
More information about the Python-bugs-list
mailing list