Snippet: The leanest Popen wrapper

Thomas Rachel nutznetz-0c1b6768-bfa9-48d5-a470-7603bd3aa915 at spamschutz.glglgl.de
Thu Aug 4 11:25:51 CEST 2011


Am 04.08.2011 10:42 schrieb Chris Rebert:

> I was considering the more general case where one of the strings may
> have come from user input. You then need to also escape
> $looks_like_a_var, `some_command`, and way more other such stuff that
> your simple function doesn't cover.

Even these things are harmless when included in ''s.

$ echo '`rm -rf .`' '$RANDOM'
`rm -rf .` $RANDOM

Thomas



More information about the Python-list mailing list