<div dir="ltr">the best way to improve shell escaping on windows is to send a PR against the list2cmdline code that escapes everything you believe it should when running on windows. With hyperlinks to the relevant msdn info about what might need escaping.<br><br><div class="gmail_quote"><div dir="ltr">On Sun, Jan 7, 2018 at 11:38 AM Christian Tismer <<a href="mailto:tismer@stackless.com">tismer@stackless.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Ok, I thought only about Windows where people often use shell=True.<br>
I did not see that as a Linux problem, too.<br>
<br>
Not meant as a proposal, just loud thinking... :-)<br>
<br>
But as said, the incomplete escaping is a complete mess.<br>
<br>
Ciao -- Chris<br>
<br>
On 07.01.18 19:54, Christian Tismer wrote:<br>
> By "normal user expectations" I meant the behavior when the builtin commands<br>
> were normal programs.<br>
><br>
> Using "shell=True" is everywhere recommended to avoid, and I believe<br>
> we could avoid it by giving them replacements for build-ins.<br>
><br>
> But I don't care if the shell escaping is correct. And that is not<br>
> trivial, either.<br>
><br>
> On 07.01.18 18:22, Guido van Rossum wrote:<br>
>> On Sun, Jan 7, 2018 at 8:17 AM, Christian Tismer <<a href="mailto:tismer@stackless.com" target="_blank">tismer@stackless.com</a><br>
>> <mailto:<a href="mailto:tismer@stackless.com" target="_blank">tismer@stackless.com</a>>> wrote:<br>
>><br>
>> As a side note: In most cases where shell=True is found, people<br>
>> seem to need evaluation of the PATH variable. To my understanding,<br>
>><br>
>> >>> from subprocess import call<br>
>> >>> call(("ls",))<br>
>><br>
>> works in Linux, but (with dir) not in Windows. But that is misleading<br>
>> because "dir" is a builtin command but "ls" is not. The same holds for<br>
>> "del" (Windows) and "rm" (Linux).<br>
>><br>
>> So I thought that using shell=True was a good Thing on windows,<br>
>> but actually it is the start of all evil.<br>
>> Using regular commands like "git" works fine on Windows and Linux<br>
>> without the shell=True parameter.<br>
>><br>
>> Perhaps it would be a good thing to emulate the builtin programs<br>
>> in python by some shell=True replacement (emulate_shell=True?)<br>
>> to match the normal user expectations without using the shell?<br>
>><br>
>><br>
>> That feels like a terrible idea to me. How do you define "normal user<br>
>> expectations" here? If people want shell builtins they should just use<br>
>> shell=True. (Also note IIUC there are several quite different shells<br>
>> commonly used on Windows, e.g. PowerShell.)<br>
>><br>
>> --<br>
>> --Guido van Rossum (<a href="http://python.org/~guido" rel="noreferrer" target="_blank">python.org/~guido</a> <<a href="http://python.org/~guido" rel="noreferrer" target="_blank">http://python.org/~guido</a>>)<br>
><br>
><br>
<br>
<br>
--<br>
Christian Tismer-Sperling :^) <a href="mailto:tismer@stackless.com" target="_blank">tismer@stackless.com</a><br>
Software Consulting : <a href="http://www.stackless.com/" rel="noreferrer" target="_blank">http://www.stackless.com/</a><br>
Karl-Liebknecht-Str. 121 : <a href="https://github.com/PySide" rel="noreferrer" target="_blank">https://github.com/PySide</a><br>
14482 Potsdam : GPG key -> 0xFB7BEE0E<br>
phone <a href="tel:+49%20173%202418776" value="+491732418776" target="_blank">+49 173 24 18 776</a> fax <a href="tel:+49%2030%207001430023" value="+49307001430023" target="_blank">+49 (30) 700143-0023</a><br>
<br>
_______________________________________________<br>
Python-Dev mailing list<br>
<a href="mailto:Python-Dev@python.org" target="_blank">Python-Dev@python.org</a><br>
<a href="https://mail.python.org/mailman/listinfo/python-dev" rel="noreferrer" target="_blank">https://mail.python.org/mailman/listinfo/python-dev</a><br>
Unsubscribe: <a href="https://mail.python.org/mailman/options/python-dev/greg%40krypto.org" rel="noreferrer" target="_blank">https://mail.python.org/mailman/options/python-dev/greg%40krypto.org</a><br>
</blockquote></div></div>