Home - News ( United States | United Kingdom | Italy | Germany ) - Football scores

Showing content from http://mail.python.org/pipermail/python-list/2001-April/088885.html below:

Escaping strings to be used in shell commands?

• Previous message (by thread): Escaping strings to be used in shell commands?
• Next message (by thread): Escaping strings to be used in shell commands?
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Gabriel Ambuehl asked:
>I wonder what is the easiest way to escape user submitted
>strings so I can safely use them in os.system() calls.

Here's an obscure one, commands.mkarg

>>> "cp %s %s" % (commands.mkarg("; rm -rf $HOME"), commands.mkarg("'*"))
'cp  \'; rm -rf $HOME\'  "\'*"'
>>>

Note that it adds an extra space at the beginning of quoted
word.

Head Brian Langenberger's caution:
> That's better, of course, but I'm all in favor of not putting
> passwords, hashed or otherwise, through os.system() whatsoever.
> Any command-line arguments can show up in "ps", and having that
> sort of info flying around can't be a good idea.

                    Andrew
                    dalke at acm.org

• Previous message (by thread): Escaping strings to be used in shell commands?
• Next message (by thread): Escaping strings to be used in shell commands?
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

RetroSearch is an open source project built by @garambo | Open a GitHub Issue

Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo

HTML: 3.2 | Encoding: UTF-8 | Version: 0.7.4