My feeling is that the number of uses for calling cmd /c is rather limited on
Windows.
Certainly calling out to use the CMD builtin is not to be encouraged I'd say.
Between shutil and the os module you have most of the file handling commands.
Admin tools might want to run special commands, but th
On Mon, Jan 8, 2018 at 9:26 PM, Steve Dower wrote:
> On 09Jan2018 0744, eryk sun wrote:
>>
>> It's common to discourage using `shell=True` because it's considered
>> insecure. One of the reasons to use CMD in Windows is that it tries
>> ShellExecuteEx if CreateProcess fails. ShellExecuteEx support
On 09Jan2018 0744, eryk sun wrote:
It's common to discourage using `shell=True` because it's considered
insecure. One of the reasons to use CMD in Windows is that it tries
ShellExecuteEx if CreateProcess fails. ShellExecuteEx supports "App
Paths" commands, file actions (open, edit, print), UAC el
On Sun, Jan 7, 2018 at 6:48 PM, Christian Tismer wrote:
> That is true.
> list2cmdline escapes partially, but on NT and Windows10, the "^" must
> also be escaped, but is not. The "|" pipe symbol must also be escaped
> by "^", as many others as well.
>
> The effect was that passing a rexexp as para
On Sun, Jan 7, 2018, at 19:50, Steve Dower wrote:
> Considering there is no cross-platform compatibility here anyway, I
> don’t think it’s that bad an option to let users do their own escaping,
> especially since those who are successfully using this feature already
> do.
I don't really think w
users do their own escaping, especially since
those who are successfully using this feature already do.
Cheers,
Steve
Top-posted from my Windows phone
From: Guido van Rossum
Sent: Monday, January 8, 2018 8:02
To: Gregory P. Smith
Cc: Christian Tismer; Python-Dev
Subject: Re: [Python-Dev] subproces
Ok, then I'm happy to improve the escaping!
I was confused because I could not understand that nobody than me should
have run into this problem before.
There are many special cases. I'll try my very best :)
Cheers -- Chris
On 07.01.18 21:59, Guido van Rossum wrote:
> On Sun, Jan 7, 2018 at 12:3
On Sun, Jan 7, 2018 at 12:30 PM, Gregory P. Smith wrote:
> the best way to improve shell escaping on windows is to send a PR against
> the list2cmdline code that escapes everything you believe it should when
> running on windows. With hyperlinks to the relevant msdn info about what
> might need e
the best way to improve shell escaping on windows is to send a PR against
the list2cmdline code that escapes everything you believe it should when
running on windows. With hyperlinks to the relevant msdn info about what
might need escaping.
On Sun, Jan 7, 2018 at 11:38 AM Christian Tismer
wrote:
Ok, I thought only about Windows where people often use shell=True.
I did not see that as a Linux problem, too.
Not meant as a proposal, just loud thinking... :-)
But as said, the incomplete escaping is a complete mess.
Ciao -- Chris
On 07.01.18 19:54, Christian Tismer wrote:
> By "normal user
By "normal user expectations" I meant the behavior when the builtin commands
were normal programs.
Using "shell=True" is everywhere recommended to avoid, and I believe
we could avoid it by giving them replacements for build-ins.
But I don't care if the shell escaping is correct. And that is not
t
That is true.
list2cmdline escapes partially, but on NT and Windows10, the "^" must
also be escaped, but is not. The "|" pipe symbol must also be escaped
by "^", as many others as well.
The effect was that passing a rexexp as parameter to a windows program
gave me strange effects, and I recognized
On Sun, Jan 7, 2018 at 8:17 AM, Christian Tismer
wrote:
> As a side note: In most cases where shell=True is found, people
> seem to need evaluation of the PATH variable. To my understanding,
>
> >>> from subprocess import call
> >>> call(("ls",))
>
> works in Linux, but (with dir) not in Windows.
I assume you're talking about list2cmdline()? That seems to be used to
construct a string that can be passed to `cmd /c "{}"` -- it gets
substituted instead of the {}, i.e. surrounded by ". I honestly can't say I
follow that code completely, but I see that it escapes double quotes. Why
is there a n
14 matches
Mail list logo
