Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Escape special characters in the command #10

Closed
lord63 opened this issue Oct 13, 2014 · 4 comments
Closed

Escape special characters in the command #10

lord63 opened this issue Oct 13, 2014 · 4 comments
Labels
bug

Comments

@lord63
Copy link
Owner

lord63 commented Oct 13, 2014

Since I use notify-send to show the notify, and there may be some special characters in the content, for example, (, ), ', we need to do something.
@lord63
Copy link
Owner Author

lord63 commented Oct 13, 2014

The list: ', ", &, (, ), ;, <, ```, |

@lord63
Copy link
Owner Author

lord63 commented Nov 28, 2014

Hey, I found something in the subprocess module documentation, which you can use $pydoc -p 6789 to get them.

Replacing os.system()                                                       
---------------------                                                       
sts = os.system("mycmd" + " myarg") 
==>                                                                         
p = Popen("mycmd" + " myarg", shell=True)
pid, sts = os.waitpid(p.pid, 0)           

Note: 

* Calling the program through the shell is usually not required.

* It's easier to look at the returncode attribute than the
  exitstatus.                                                               

A more real-world example would look like this:

try:                                                                        
    retcode = call("mycmd" + " myarg", shell=True)                          
    if retcode < 0:                                                         
        print >>sys.stderr, "Child was terminated by signal", -retcode
    else:                                                                   
        print >>sys.stderr, "Child returned", retcode
except OSError, e:                             
    print >>sys.stderr, "Execution failed:", e

lord63 added a commit that referenced this issue Nov 29, 2014
@lord63
Replace os with subprocess; Fix issue #10
2628b16
@lord63
Copy link
Owner Author

lord63 commented Nov 29, 2014

It seems that args should be a sequence of program arguments, or a string with shell set to True.

Something about shell=True, get more information from here: Frequently Used Arguments

Warning

Executing shell commands that incorporate unsanitized input from an untrusted source makes a program vulnerable to shell injection, a serious security flaw which can result in arbitrary command execution. For this reason, the use of shell=True is strongly discouraged in cases where the command string is constructed from external input:

@lord63
Copy link
Owner Author

lord63 commented Nov 29, 2014

It seems that use a sequence of program arguments as args will be a good idea, you don't have to worry about the special characters(except " if I use "blabla").

>>>subprocess.call(['echo', "Today's Picture Story"])
Today's Picture Story
0
>>> subprocess.call('echo "Today's Picture Story"', shell=True)
  File "<stdin>", line 1
    subprocess.call('echo "Today's Picture Story"', shell=True)
                                 ^
    SyntaxError: invalid syntax
>>> subprocess.call('echo "Today\'s Picture Story"', shell=True)
Today's Picture Story
0

@lord63 lord63 added the bug label Nov 29, 2014
@lord63 lord63 closed this as completed Dec 17, 2014
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@lord63