#7507: quote "!" in pipes.quote(); it is a special character for some shells.

2010-04-24 09:08:10 +00:00 · 2010-04-24 09:08:10 +00:00 · 4341e54de8
parent f8bff488bd
commit 4341e54de8
3 changed files with 12 additions and 16 deletions
--- a/Lib/pipes.py
+++ b/Lib/pipes.py
@ -263,11 +263,11 @@ def makepipeline(infile, steps, outfile):

 # Reliably quote a string as a single argument for /bin/sh

-_safechars = string.ascii_letters + string.digits + '!@%_-+=:,./' # Safe unquoted
-_funnychars = '"`$\\'                           # Unsafe inside "double quotes"
+# Safe unquoted
+_safechars = frozenset(string.ascii_letters + string.digits + '@%_-+=:,./')

 def quote(file):
-    ''' return a shell-escaped version of the file string '''
+    """Return a shell-escaped version of the file string."""
    for c in file:
        if c not in _safechars:
            break
@ -275,11 +275,6 @@ def quote(file):
        if not file:
            return "''"
        return file
-    if '\'' not in file:
-        return '\'' + file + '\''
-    res = ''
-    for c in file:
-        if c in _funnychars:
-            c = '\\' + c
-        res = res + c
-    return '"' + res + '"'
+    # use single quotes, and put single quotes into double quotes
+    # the string $'b is then quoted as '$'"'"'b'
+    return "'" + file.replace("'", "'\"'\"'") + "'"
--- a/Lib/test/test_pipes.py
+++ b/Lib/test/test_pipes.py
@ -64,9 +64,10 @@ class SimplePipeTests(unittest.TestCase):
        self.assertEqual(open(TESTFN).read(), d)

    def testQuoting(self):
-        safeunquoted = string.ascii_letters + string.digits + '!@%_-+=:,./'
-        unsafe = '"`$\\'
+        safeunquoted = string.ascii_letters + string.digits + '@%_-+=:,./'
+        unsafe = '"`$\\!'

+        self.assertEqual(pipes.quote(''), "''")
        self.assertEqual(pipes.quote(safeunquoted), safeunquoted)
        self.assertEqual(pipes.quote('test file name'), "'test file name'")
        for u in unsafe:
@ -74,9 +75,7 @@ class SimplePipeTests(unittest.TestCase):
                              "'test%sname'" % u)
        for u in unsafe:
            self.assertEqual(pipes.quote("test%s'name'" % u),
-                              '"test\\%s\'name\'"' % u)
-
-        self.assertEqual(pipes.quote(''), "''")
+                             "'test%s'\"'\"'name'\"'\"''" % u)

    def testRepr(self):
        t = pipes.Template()
--- a/Misc/NEWS
+++ b/Misc/NEWS
@ -25,6 +25,8 @@ Core and Builtins
 Library
 -------

+- Issue #7507: Quote "!" in pipes.quote(); it is special to some shells.
+
 - Issue #5238: Calling makefile() on an SSL object would prevent the
  underlying socket from being closed until all objects get truely destroyed.