author: Chris Jerdonek <chris.jerdonek@gmail.com> 2012-10-11 05:54:55 (GMT)
committer: Chris Jerdonek <chris.jerdonek@gmail.com> 2012-10-11 05:54:55 (GMT)
commit: c8b8b7f6611e98e1420113d60db4864ce1b3c11e
tree: 5d128c9907a9b51b624438ca27e4c04a3c143454
parent: ec7c16d2b47e837cb5692de8fc47e0276e9773f8
parent: c3de6d63cd20cd26a288999d454124cb72eb57fe
Merge from 3.3: Fix placement of shell=True warning in subprocess.Popen() docs.
-rw-r--r-- Doc/library/subprocess.rst 16
1 files changed, 8 insertions, 8 deletions
diff --git a/Doc/library/subprocess.rst b/Doc/library/subprocess.rst
index 80063d0..66d6cbb 100644
--- a/Doc/library/subprocess.rst
+++ b/Doc/library/subprocess.rst
@@ -328,8 +328,8 @@ default values. The arguments that are most commonly needed are:
untrusted source makes a program vulnerable to `shell injection
<http://en.wikipedia.org/wiki/Shell_injection#Shell_injection>`_,
a serious security flaw which can result in arbitrary command execution.
- For this reason, the use of *shell=True* is **strongly discouraged** in cases
- where the command string is constructed from external input::
+ For this reason, the use of ``shell=True`` is **strongly discouraged**
+ in cases where the command string is constructed from external input::
>>> from subprocess import call
>>> filename = input("What file would you like to display?\n")
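Review bot: The reworded sentence ("the use of ``shell=True`` is **strongly discouraged** in cases where the command string is constructed from external input") tells readers what to avoid, but nothing in the visible lines tells them what to do instead. Consider following the example with one sentence pointing to the remedy: pass the command as a sequence of arguments and leave ``shell=True`` off, so external input is never parsed by a shell. Minor: the Shell_injection link in the context lines still uses http://; switching it to https:// while this paragraph is being touched would be cheap.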
@@ -414,18 +414,18 @@ functions.
Popen(['/bin/sh', '-c', args[0], args[1], ...])
- .. warning::
-
- Enabling this option can be a security hazard if combined with untrusted
- input. See the warning under :ref:`frequently-used-arguments`
- for details.
-
On Windows with ``shell=True``, the :envvar:`COMSPEC` environment variable
specifies the default shell. The only time you need to specify
``shell=True`` on Windows is when the command you wish to execute is built
into the shell (e.g. :command:`dir` or :command:`copy`). You do not need
``shell=True`` to run a batch file or console-based executable.
+ .. warning::
+
+ Passing ``shell=True`` can be a security hazard if combined with
+ untrusted input. See the warning under :ref:`frequently-used-arguments`
+ for details.
+
*bufsize*, if given, has the same meaning as the corresponding argument to the
built-in open() function: :const:`0` means unbuffered, :const:`1` means line
buffered, any other positive value means use a buffer of (approximately) that
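Review bot: With the warning now placed directly after the Windows/:envvar:`COMSPEC` paragraph, it can be read as a Windows-only caveat, although the ``/bin/sh -c`` form shown at the top of the hunk is equally affected. Consider making the scope explicit, for example "Passing ``shell=True`` can be a security hazard on any platform if combined with untrusted input", so the warning clearly closes the whole *shell* description rather than its last paragraph. The switch from "Enabling this option" to "Passing ``shell=True``" is the right call now that the warning no longer sits next to the argument's introduction.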