|
|
 |
|
Title: Quote python strings for safe use in POSIX shells
Submitter: Richard Philips
(other recipes)
Last Updated: 2006/10/16
Version no: 1.0
Category:
Programs
|
|
|
Description:
Often one has to quote a python string so that the result can be used as an argument to a command running in a POSIX shell.
The function QuoteForPOSIX can be used with sh, bash, csh, ksh
Source: Text Source
import re
def QuoteForPOSIX(string):
'''quote a string so it can be used as an argument in a posix shell
According to: http://www.unix.org/single_unix_specification/
2.2.1 Escape Character (Backslash)
A backslash that is not quoted shall preserve the literal value
of the following character, with the exception of a <newline>.
2.2.2 Single-Quotes
Enclosing characters in single-quotes ( '' ) shall preserve
the literal value of each character within the single-quotes.
A single-quote cannot occur within single-quotes.
'''
return "\\'".join("'" + p + "'" for p in string.split("'"))
if __name__ == "__main__":
import os
filename = "filename with spaces.doc"
os.system("ls " + QuoteForPOSIX(filename))
Discussion:
|
|
Add comment
|
|
Number of comments: 6
Rafal Sniezynski, 2006/10/19
Isn't the quoting of subprocess.list2cmdline safe enough?
Add comment
Use of list2cmdline, Richard Philips, 2006/10/19
list2cmdline has two 'problems':
(1) It is not mentioned in the Python documentation (a sure sign that the author prefers to keep the use of it private and does not want to take the burden of maintaining it)
(2) From the code, it is clearly for use in a Microsoft only environment. QuoteForPOSIX is intended for UNIX environments.
The subprocess module is a goldmine for little nuggets like list2cmdline and I really hope the author would promote it.
Add comment
Code does not work, Matthew Towler, 2006/11/09
The original code does not run. 'p' is used before the loop that declares it. I belive the following code does the same thing and does work.
def quote_for_POSIX(string):
output = "'"
output += string.replace( "'", r"\'" )
output += "'"
return output
As a side issue I have found that if using file names escaped this way as the command line in a call to os.popen() the quoting is not respected and a name with spaces is incorrectly interpreted as multiple arguments.
Add comment
Unnecessary import, Steve Freitas, 2007/01/10
The re module isn't actually used in the code, so the import of it can be omitted.
Add comment
replace() vs. split() and join()?, Daryl Spitzer, 2007/02/21
Are split() and join() more efficient than something like:
return "'%s'" % string.replace( "'", r"'\''" )
or
return "'" + string.replace( "'", r"'\''" ) + "'"
?
Add comment
repr works well too., Damon Kohler, 2007/10/23
Python does some nice escaping on its own in this case. This works well for me:
msg = "keep's it simple."
os.system('echo %r' % msg)
Add comment
|
|
|
|
|
|
|
