Sanitising arguments to shell commands
jeanmichel at sequans.com
Fri Aug 21 11:22:03 CEST 2009
Ben Finney wrote:
> Miles Kaufmann <milesck at umich.edu> writes:
>> I would recommend avoiding shell=True whenever possible. It's used in
>> the examples, I suspect, to ease the transition from the functions
>> being replaced, but all it takes is for a filename or some other input
>> to unexpectedly contain whitespace or a metacharacter and your script
>> will stop working--or worse, do damage (cf. the iTunes 2 installer
> Agreed, and that's my motivation for learning about ‘subprocess.Popen’.
Can someone explain the difference with the shell argument ? giving for
instance an example of what True will do that False won't. I mean, I've
read the doc, and to be honest, I didn't get it.
I'm concerned because I'm using subprocess, but I guess my shell arg has
been filled a little bit random..
More information about the Python-list