Antoine Pitrou <[email protected]> added the comment:
Hum, in:
    return_code = shellcmd.shell_call('ls -l {}', dirname)
    listing = shellcmd.check_shell_output('ls -l {}', dirname)
...how do you know that dirname doesn't need some kind of escaping?
This is not only a security issue, but a bug. Even if security doesn't matter
on your system, your script will still break and/or do unexpected things.
Also, I don't really understand how your recipe improves things. You're just
saving one call to .format(). You would probably have the same saving by using
the % operator.
----------
nosy: +pitrou
_______________________________________
Python tracker <[email protected]>
<http://bugs.python.org/issue13238>
_______________________________________
_______________________________________________
Python-bugs-list mailing list
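The escaping question raised in the comment above, as an added example that is not part of the original message or of the proposed `shellcmd` module: it compares plain `.format()` substitution into the `'ls -l {}'` template with `shlex.quote()`-ed substitution and shows the words a POSIX shell would see. The helper names and the sample directory names are assumptions constructed for illustration.

```python
import shlex
import subprocess

TEMPLATE = "ls -l {}"  # template string quoted in the comment above


def naive_command(template, *args):
    """Plain str.format(): arguments are pasted into the shell line as-is."""
    return template.format(*args)


def quoted_command(template, *args):
    """Quote every argument for a POSIX shell before substituting it."""
    return template.format(*(shlex.quote(str(a)) for a in args))


def shell_words(command):
    """Split a line the way a POSIX shell splits words; nothing is executed.

    Returns None when the line is malformed (e.g. an unbalanced quote).
    """
    try:
        return shlex.split(command)
    except ValueError:
        return None


def list_directory(dirname):
    """Avoid the shell entirely: argument list, with "--" ending option parsing."""
    return subprocess.run(["ls", "-l", "--", dirname],
                          stdout=subprocess.PIPE, stderr=subprocess.PIPE)


# Constructed sample names, not taken from the issue.
SAMPLES = ["docs", "my docs", "Bob's files", "-reports"]

if __name__ == "__main__":
    for name in SAMPLES:
        print(repr(name))
        print("  naive :", shell_words(naive_command(TEMPLATE, name)))
        print("  quoted:", shell_words(quoted_command(TEMPLATE, name)))
    # "-reports" is unchanged by shlex.quote(): quoting stops word splitting,
    # but ls would still read the name as options unless "--" precedes it,
    # as in list_directory().
```
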