Vaclav Petras wrote: > > kwargs['shell'] = True > > args = [self._escape_for_shell(arg) for arg in args] > > Considering security issues connected to shell=True* and uncertainty of > escaping for MS Windows**, wouldn't be better to avoid shell=True and try > to use the right interpreter? This can work at least for the most common > (and probably only important) case which is Python.
That's an option. Although if we use .bat files to execute Python scripts, shutil_which() will find the .bat file rather than the script itself. If we hard-code the handling of Python scripts, it should only be done for those which are part of GRASS (i.e. where the script is located in a subdirectory of $GISBASE). We would still need to fall back to using the shell for other extensions. -- Glynn Clements <gl...@gclements.plus.com> _______________________________________________ grass-dev mailing list grass-dev@lists.osgeo.org http://lists.osgeo.org/mailman/listinfo/grass-dev
