Closed gabor1 closed 3 years ago
Some of that is handled by a recent patch I'm putting together which (among other things) uses shlex.quote() to sanitize. But I agree that subprocess.run() is better.
OK, using subprocess.run() in my patch. It also has other more substantive changes (antisites, all inequivalent interstitials), so it'll take a couple weeks to clear. I'll add the "closed by" when that PR is ready.
We are using os.system() calls but filenames are not sanitised, e.g. Dropbox file names have spaces in them. We should be using subprocess.run() throughout, giving arguments as a list; this does not involve the shell at all.
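The three approaches discussed in this thread, side by side, as an added example that is not code from the project or from anyone in the thread. It assumes a POSIX system with `cat` available; the folder and file names are constructed to resemble a Dropbox path.

```python
import os
import shlex
import subprocess
import tempfile


def cat_via_shell(path):
    """Filename interpolated into a shell string. shell=True hands the
    string to /bin/sh, the same parsing os.system() applies."""
    p = subprocess.run(f"cat {path}", shell=True,
                       capture_output=True, text=True)
    return p.returncode, p.stdout


def cat_via_shell_quoted(path):
    """Still goes through the shell, but shlex.quote() turns the path
    into a single literal word first."""
    p = subprocess.run(f"cat {shlex.quote(path)}", shell=True,
                       capture_output=True, text=True)
    return p.returncode, p.stdout


def cat_via_list(path):
    """Argument list, no shell: the path reaches cat as one argv entry,
    whatever characters it contains."""
    p = subprocess.run(["cat", path], capture_output=True, text=True)
    return p.returncode, p.stdout


def demo():
    """Run all three against a constructed path with spaces and parentheses."""
    with tempfile.TemporaryDirectory() as tmp:
        folder = os.path.join(tmp, "Dropbox (Personal)")  # constructed name
        os.makedirs(folder)
        path = os.path.join(folder, "my cell.xyz")        # constructed name
        with open(path, "w") as fh:
            fh.write("constructed sample\n")
        return {
            "shell": cat_via_shell(path),          # shell mis-parses the path
            "quoted": cat_via_shell_quoted(path),  # works, relies on quoting
            "list": cat_via_list(path),            # works, nothing to quote
        }


if __name__ == "__main__":
    for name, (code, out) in demo().items():
        print(f"{name:7s} exit={code} stdout={out!r}")
```

With the list form there is no quoting step to forget, which is why it is the more robust of the two working variants.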