[BZR Tree!] Updated shelf

Martin Pool mbp at sourcefrog.net
Sat Jun 18 02:41:04 BST 2005

On 17 Jun 2005, Aaron Bentley <aaron.bentley at utoronto.ca> wrote:

> This is better, but it's still not quite right, because root may contain
> quote marks or characters that may be interpreted by the shell.
> To prevent the shell from evaluating the input, use a sequence instead
> of a string.
> pipe = os.popen(('patch', '-d', root, '-s', '-p1'), 'w')
> This doesn't work for os.system.  The simplest thing I've found is to
> prepend a backslash to every character, e.g.
> os.system(" ".join(["".join(['\\'+g for g in f]) for f in args]))

The reason it doesn't work for os.system is that (in both python and
c) system() runs the command through the shell.  So what actually gets
execed is something like
  ['/bin/sh', '-c'] + args

This is nice in that you can run commands which use shell features
like pipes, redirection or globs.  It is bad when you're executing
anything with variable content because shell grammar is so baroque.
It's better and faster to use os.spawnve instead.


More information about the bazaar mailing list