Steve Dower added the comment: Here's an alternate patch I proposed on #25005 before we decided to back out the change.
The problem is that subprocess.call() with shell=True is unsafe because we don't escape shell operators (such as &, <, >, |). The fix in this patch is to allow passing arguments to os.startfile so we can use that instead. Arguments do not need to be escaped in this case. ---------- Added file: http://bugs.python.org/file40384/25005_1.patch _______________________________________ Python tracker <rep...@bugs.python.org> <http://bugs.python.org/issue8232> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com