[PATCH 08 of 10] Switch cmd to use popen2() instead of popen()
jgoerzen at complete.org
jgoerzen at complete.org
Sun Mar 4 13:16:16 CST 2007
# HG changeset patch
# User John Goerzen <jgoerzen at complete.org>
# Date 1173038767 21600
# Node ID 7ade700f8b5da237accfa2ce81daf71a0e41cb3d
# Parent 820de3cbb48bf52b869e164363d6c95fc7c56f2a
Switch cmd to use popen2() instead of popen()
Now it is possible to avoid shell escaping bugs when passing usernames and
similar info to commands
diff --git a/contrib/darcs2hg.py b/contrib/darcs2hg.py
--- a/contrib/darcs2hg.py
+++ b/contrib/darcs2hg.py
@@ -42,16 +42,21 @@ USAGE = """\
#
# ------------------------------------------------------------------------------
-def cmd(text, path=None, silent=False):
+def cmd(cmd, path=None, silent=False):
"""Executes a command, in the given directory (if any), and returns the
- command result as a string."""
+ command result as a string. Command may be a string (which will be
+ passed to the shell) or a sequence (which will not be passed through
+ a shell), as handled by os.popen2(). The command's stdin will
+ be closed immediately upon starting."""
cwd = None
if path:
path = os.path.abspath(path)
cwd = os.getcwd()
os.chdir(path)
- if not silent: print "> ", text
- res = os.popen(text).read()
+ if not silent: print "> ", cmd
+ fds = os.popen2(cmd)
+ fds[0].close()
+ res = fds[1].read()
if path:
os.chdir(cwd)
return res
More information about the Mercurial-devel
mailing list