[Python-checkins] r82299 - in python/branches/py3k: Demo/embed/demo.c Doc/c-api/intro.rst

benjamin.peterson python-checkins at python.org
Sun Jun 27 23:48:35 CEST 2010 

Author: benjamin.peterson
Date: Sun Jun 27 23:48:35 2010
New Revision: 82299

Log:
Merged revisions 81881-81882 via svnmerge from 
svn+ssh://pythondev@svn.python.org/python/trunk

........
  r81881 | andrew.kuchling | 2010-06-10 19:16:08 -0500 (Thu, 10 Jun 2010) | 1 line
  
  #5753: update demo.c to use PySys_SetArgvEx(), and add a comment
........
  r81882 | andrew.kuchling | 2010-06-10 19:23:01 -0500 (Thu, 10 Jun 2010) | 1 line
  
  #5753: Suggest PySys_SetArgvEx() instead of PySys_SetArgv()
........


Modified:
   python/branches/py3k/   (props changed)
   python/branches/py3k/Demo/embed/demo.c
   python/branches/py3k/Doc/c-api/intro.rst

Modified: python/branches/py3k/Demo/embed/demo.c
==============================================================================
--- python/branches/py3k/Demo/embed/demo.c	(original)
+++ python/branches/py3k/Demo/embed/demo.c	Sun Jun 27 23:48:35 2010
@@ -20,10 +20,19 @@
     Py_Initialize();
 
     /* Define sys.argv.  It is up to the application if you
-       want this; you can also let it undefined (since the Python
+       want this; you can also leave it undefined (since the Python
        code is generally not a main program it has no business
-       touching sys.argv...) */
-    PySys_SetArgv(2, args);
+       touching sys.argv...) 
+
+       If the third argument is true, sys.path is modified to include
+       either the directory containing the script named by argv[0], or
+       the current working directory.  This can be risky; if you run
+       an application embedding Python in a directory controlled by
+       someone else, attackers could put a Trojan-horse module in the
+       directory (say, a file named os.py) that your application would
+       then import and run.
+    */
+    PySys_SetArgvEx(argc, argv, 0);
 
     /* Do some application specific code */
     printf("Hello, brave new world\n\n");

Modified: python/branches/py3k/Doc/c-api/intro.rst
==============================================================================
--- python/branches/py3k/Doc/c-api/intro.rst	(original)
+++ python/branches/py3k/Doc/c-api/intro.rst	Sun Jun 27 23:48:35 2010
@@ -519,12 +519,12 @@
 :mod:`builtins`, :mod:`__main__`, :mod:`sys`, and :mod:`exceptions`.  It also
 initializes the module search path (``sys.path``).
 
-.. index:: single: PySys_SetArgv()
+.. index:: single: PySys_SetArgvEx()
 
 :cfunc:`Py_Initialize` does not set the "script argument list"  (``sys.argv``).
-If this variable is needed by Python code that  will be executed later, it must
-be set explicitly with a call to  ``PySys_SetArgv(argc, argv)`` subsequent to
-the call to :cfunc:`Py_Initialize`.
+If this variable is needed by Python code that will be executed later, it must
+be set explicitly with a call to  ``PySys_SetArgvEx(argc, argv, updatepath)``
+after the call to :cfunc:`Py_Initialize`.
 
 On most systems (in particular, on Unix and Windows, although the details are
 slightly different), :cfunc:`Py_Initialize` calculates the module search path

More information about the Python-checkins mailing list