Add shlex.quote function, to escape filenames and command lines (#9723). This function used to live as pipes.quote, where it was undocumented but used anyway. (An alias still exists for backward compatibility.) The tests have been moved as is, but the code of the function was changed to use a regex instead of a loop with string comparisons (at Ian Bicking’s suggestion). I’m terrible at regexes, so any feedback is welcome.

commit: 9bce311ea4f58ec04cab356a748e173ecfea381c [log] [tgz]
author: Éric Araujo <merwok@netwok.org> Wed Jul 27 18:29:31 2011 +0200
committer: Éric Araujo <merwok@netwok.org> Wed Jul 27 18:29:31 2011 +0200
tree: fd767a62dab42bb79ce2e86a2ac6fb970930c10e
parent: fcdaaa9011be28d4653dadc92df4a94b2f669711 [diff] [blame]
diff --git a/Doc/library/subprocess.rst b/Doc/library/subprocess.rst
index 7e759f0..2c76130 100644
--- a/Doc/library/subprocess.rst
+++ b/Doc/library/subprocess.rst

@@ -92,7 +92,8 @@
          >>> call("cat " + filename, shell=True) # Uh-oh. This will end badly...
 
       *shell=False* does not suffer from this vulnerability; the above Note may be
-      helpful in getting code using *shell=False* to work.
+      helpful in getting code using *shell=False* to work.  See also
+      :func:`shlex.quote` for a function useful to quote filenames and commands.
 
    On Windows: the :class:`Popen` class uses CreateProcess() to execute the
    child program, which operates on strings.  If *args* is a sequence, it will
@@ -871,3 +872,7 @@
    described in rule 3.
 
 
+.. seealso::
+
+   :mod:`shlex`
+      Module which provides function to parse and escape command lines.
commit	9bce311ea4f58ec04cab356a748e173ecfea381c	[log] [tgz]
author	Éric Araujo <merwok@netwok.org>	Wed Jul 27 18:29:31 2011 +0200
committer	Éric Araujo <merwok@netwok.org>	Wed Jul 27 18:29:31 2011 +0200
tree	fd767a62dab42bb79ce2e86a2ac6fb970930c10e
parent	fcdaaa9011be28d4653dadc92df4a94b2f669711 [diff] [blame]