Serhiy Storchaka added the comment: No surrounding %%s with quotes, nor changing to %%r doesn't work in all cases, because Python and shell use different quoting schemas. The only solution is using shlex.quote (which available only since 3.3). But even in this case we should be careful, this can break user code if user has "fixed" the issue by surrounding %%s with quotes (singular or double) or changing to %%r. Perhaps we should substitute not only bare %%s, but also "%%s", '%%s' and %%r.
Ramchandra's patch doesn't help. First, shlex.split will fail in the same way as a shell. Second, we must run the command via shell, because user can use pipe or redirection. ---------- _______________________________________ Python tracker <rep...@bugs.python.org> <http://bugs.python.org/issue16829> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
