author | Chris Jerdonek <chris.jerdonek@gmail.com> | 2012-10-11 05:53:35 (GMT) |
---|---|---|
committer | Chris Jerdonek <chris.jerdonek@gmail.com> | 2012-10-11 05:53:35 (GMT) |
commit | c3de6d63cd20cd26a288999d454124cb72eb57fe (patch) | |
tree | e8fe87a3652d41fe84798e850f153c3e0feb4f71 /Doc/library/subprocess.rst | |
parent | 02860526ebdc359f3e157e3a9b4131dd01029b71 (diff) | |
parent | cc32a68216238d72913794cf83fc0eaf54abe0db (diff) | |
Merge from 3.2: Fix placement of shell=True warning in subprocess.Popen() docs.
Diffstat (limited to 'Doc/library/subprocess.rst')
-rw-r--r-- | Doc/library/subprocess.rst | 16 |
1 files changed, 8 insertions, 8 deletions
diff --git a/Doc/library/subprocess.rst b/Doc/library/subprocess.rst index 80063d0..66d6cbb 100644 --- a/Doc/library/subprocess.rst +++ b/Doc/library/subprocess.rst @@ -328,8 +328,8 @@ default values. The arguments that are most commonly needed are: untrusted source makes a program vulnerable to `shell injection <http://en.wikipedia.org/wiki/Shell_injection#Shell_injection>`_, a serious security flaw which can result in arbitrary command execution. - For this reason, the use of *shell=True* is **strongly discouraged** in cases - where the command string is constructed from external input:: + For this reason, the use of ``shell=True`` is **strongly discouraged** + in cases where the command string is constructed from external input:: >>> from subprocess import call >>> filename = input("What file would you like to display?\n") @@ -414,18 +414,18 @@ functions. Popen(['/bin/sh', '-c', args[0], args[1], ...]) - .. warning:: - - Enabling this option can be a security hazard if combined with untrusted - input. See the warning under :ref:`frequently-used-arguments` - for details. - On Windows with ``shell=True``, the :envvar:`COMSPEC` environment variable specifies the default shell. The only time you need to specify ``shell=True`` on Windows is when the command you wish to execute is built into the shell (e.g. :command:`dir` or :command:`copy`). You do not need ``shell=True`` to run a batch file or console-based executable. + .. warning:: + + Passing ``shell=True`` can be a security hazard if combined with + untrusted input. See the warning under :ref:`frequently-used-arguments` + for details. + *bufsize*, if given, has the same meaning as the corresponding argument to the built-in open() function: :const:`0` means unbuffered, :const:`1` means line buffered, any other positive value means use a buffer of (approximately) that |
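Review bot: In the first hunk (@@ -328,8 +328,8 @@), the change from *shell=True* to ``shell=True`` is a markup fix that the commit message does not mention, since it only describes moving the warning. Either note the markup change in the message or split it out, and check whether other occurrences in this file still use the emphasis form so the argument renders consistently next to the shell injection warning.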
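Review bot: In the second hunk (@@ -414,18 +414,18 @@), the relocated warning now sits directly after the Windows-only paragraph about :envvar:`COMSPEC`, so it can be read as a Windows-specific caveat even though the Popen(['/bin/sh', '-c', args[0], args[1], ...]) form above it is the Unix case. The new wording "Passing ``shell=True``" is clearer than "Enabling this option", but consider making the scope explicit, for example "On all platforms, passing ``shell=True`` can be a security hazard if combined with untrusted input", so the hazard is not tied to the paragraph that precedes it.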