[Tutor] subprocess.call list vs. str argument
Danny Yoo
dyoo at hashcollision.org
Mon Feb 24 22:48:49 CET 2014
There are a few issues there. I'd also recommend not trying to
shell-quote these manually,
# in the argument list of os.subprocess:
r'-H', '"%s"' % title,
r'-A', '"%s"' % author,
r'-V', '"%s"' % version,
Rather, just do the simpler thing:
r'-H', title,
r'-A', author,
r'-V', version,
in conjunction with passing the "shell=False" keyword argument. Don't
escape. Just pass the arguments as is.
As far as I can tell, trying to do shell escaping is not only
unnecessary here, but doing without it makes the code cleaner safer.
Maybe there's another reason why Albert-Jan's situation is different
enough that "shell=True" is necessary, but the default situation
should be to avoid it.
More information about the Tutor
mailing list