In article <[email protected]>, Steven D'Aprano <[email protected]> wrote:
> import tempfile > > def edit(editor, content=''): > f = tempfile.NamedTemporaryFile(mode='w+') > [...] > command = editor + " " + f.name > status = os.system(command) Hmmm. Didn't we just have a thread about passing external data to shells? $ mkdir '/tmp/;rm -rf;' $ TMPDIR='/tmp/;rm -rf;' python Python 2.7.3 (default, Sep 26 2013, 20:03:06) [GCC 4.6.3] on linux2 Type "help", "copyright", "credits" or "license" for more information. >>> import tempfile >>> f = tempfile.NamedTemporaryFile() >>> f.name '/tmp/;rm -rf;/tmpW8HFTr' >>> -- https://mail.python.org/mailman/listinfo/python-list
