On 09Jan2018 0744, eryk sun wrote:
It's common to discourage using `shell=True` because it's considered insecure. One of the reasons to use CMD in Windows is that it tries ShellExecuteEx if CreateProcess fails. ShellExecuteEx supports "App Paths" commands, file actions (open, edit, print), UAC elevation (via "runas" or if requested by the manifest), protocols (including "shell:"), and opening folders in Explorer. It isn't a scripting language, however, so it doesn't pose the same risk as using CMD. Calling ShellExecuteEx could be integrated in subprocess as a new Popen parameter, such as `winshell` or `shellex`.
This can also be used directly as os.startfile, the only downside being that you can't wait for the process to complete (but that's due to the underlying API, which may not end up starting a process but rather sending a message to an existing long-running one such as explorer.exe). I'd certainly recommend it for actions like "open this file with its default editor" or "browse to this web page with the default browser".
Cheers, Steve _______________________________________________ Python-Dev mailing list Python-Dev@python.org https://mail.python.org/mailman/listinfo/python-dev Unsubscribe: https://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com
