[GRASS-dev] [GRASS-SVN] r60679 - grass/trunk/lib/python/script

Glynn Clements glynn at gclements.plus.com
Sat Jul 5 15:01:22 PDT 2014


Vaclav Petras wrote:

> > kwargs['shell'] = True
> > args = [self._escape_for_shell(arg) for arg in args]
> 
> Considering security issues connected to shell=True* and uncertainty of
> escaping for MS Windows**, wouldn't it be better to avoid shell=True and try
> to use the right interpreter? This can work at least for the most common
> (and probably only important) case which is Python.

That's an option. Although if we use .bat files to execute Python
scripts, shutil_which() will find the .bat file rather than the script
itself.

If we hard-code the handling of Python scripts, it should only be done
for those which are part of GRASS (i.e. where the script is located in
a subdirectory of $GISBASE).

We would still need to fall back to using the shell for other
extensions.

-- 
Glynn Clements <glynn at gclements.plus.com>
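
The dispatch rule discussed in this message, as an added example that is not part of the original message or of the GRASS code base: a Python script that resolves inside GISBASE is run through the interpreter without a shell, and everything else keeps the shell path. The names `plan_command`, `is_under` and the temporary directory layout are assumptions made for the illustration.

```python
import os
import shutil
import sys
import tempfile


def is_under(path, root):
    """True if path lies inside root (both already resolved with realpath)."""
    try:
        return os.path.commonpath([path, root]) == root
    except ValueError:  # e.g. different drives on Windows
        return False


def plan_command(args, gisbase, path=None):
    """Return (argv, use_shell) for subprocess.Popen(argv, shell=use_shell)."""
    found = shutil.which(args[0], path=path)
    if found is None:
        raise FileNotFoundError(args[0])
    real = os.path.realpath(found)  # resolve symlinks before the location check
    ext = os.path.splitext(real)[1].lower()
    if ext == ".py" and is_under(real, os.path.realpath(gisbase)):
        # GRASS's own Python script: name the interpreter, no shell involved.
        return [sys.executable, real] + list(args[1:]), False
    # Anything else (including a .bat wrapper that which() found in place of
    # the script) keeps the shell path, so arguments still need escaping.
    return list(args), True


def demo():
    """Constructed layout: one script inside a fake GISBASE, two outside."""
    with tempfile.TemporaryDirectory() as tmp:
        gisbase = os.path.join(tmp, "grass")
        scripts = os.path.join(gisbase, "scripts")
        other = os.path.join(tmp, "other")
        for d in (scripts, other):
            os.makedirs(d)
        for f in (os.path.join(scripts, "v.demo.py"),
                  os.path.join(other, "addon.py"),
                  os.path.join(other, "tool.bat")):
            open(f, "w").close()
            os.chmod(f, 0o755)
        search = os.pathsep.join([scripts, other])
        return [plan_command([n, "map=a;b"], gisbase, search)
                for n in ("v.demo.py", "addon.py", "tool.bat")]


if __name__ == "__main__":
    for argv, use_shell in demo():
        print(use_shell, argv)
```

The argument `map=a;b` reaches the GRASS script as one argv element, while the two commands outside GISBASE are still marked for the shell, where the `;` is only safe after escaping.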

