From 1e65159b340d4c91abd5a3bf5e6068f1d7cd50aa Mon Sep 17 00:00:00 2001 From: Chris Jerdonek Date: Wed, 10 Oct 2012 22:58:57 -0700 Subject: [PATCH] Backport from 3.2: Fix placement of shell=True warning in subprocess.Popen() docs. --- Doc/library/subprocess.rst | 19 ++++++++----------- 1 file changed, 8 insertions(+), 11 deletions(-) diff --git a/Doc/library/subprocess.rst b/Doc/library/subprocess.rst index 380188427a3..27bc5742f6c 100644 --- a/Doc/library/subprocess.rst +++ b/Doc/library/subprocess.rst @@ -243,8 +243,8 @@ default values. The arguments that are most commonly needed are: untrusted source makes a program vulnerable to `shell injection `_, a serious security flaw which can result in arbitrary command execution. - For this reason, the use of *shell=True* is **strongly discouraged** in cases - where the command string is constructed from external input:: + For this reason, the use of ``shell=True`` is **strongly discouraged** + in cases where the command string is constructed from external input:: >>> from subprocess import call >>> filename = input("What file would you like to display?\n") @@ -334,6 +334,12 @@ functions. into the shell (e.g. :command:`dir` or :command:`copy`). You do not need ``shell=True`` to run a batch file or console-based executable. + .. warning:: + + Passing ``shell=True`` can be a security hazard if combined with + untrusted input. See the warning under :ref:`frequently-used-arguments` + for details. + *bufsize*, if given, has the same meaning as the corresponding argument to the built-in open() function: :const:`0` means unbuffered, :const:`1` means line buffered, any other positive value means use a buffer of (approximately) that @@ -375,15 +381,6 @@ functions. child process. Note that on Windows, you cannot set *close_fds* to true and also redirect the standard handles by setting *stdin*, *stdout* or *stderr*. - If *shell* is :const:`True`, the specified command will be executed through the - shell. - - .. warning:: - - Enabling this option can be a security hazard if combined with untrusted - input. See the warning under :ref:`frequently-used-arguments` - for details. - If *cwd* is not ``None``, the child's current directory will be changed to *cwd* before it is executed. Note that this directory is not considered when searching the executable, so you can't specify the program's path relative to