Message146603
| Author | pitrou |
| Recipients | alex, cvrebert, eric.araujo, ncoghlan, pitrou |
| Date | 2011-10-29.11:16:52 |
| SpamBayes Score | 4.08102e-06 |
| Marked as misclassified | No |
| Message-id | <1319886757.3244.4.camel@localhost.localdomain> |
| In-reply-to | <1319852415.39.0.944796154343.issue13238@psf.upfronthosting.co.za> |
| Content |
> With the default whitespace escaping (which allows spaces in
> filenames), wildcard matching still works (thus the list of
> directories matching the "../py*" pattern), but with full quoting it
> breaks (thus the "nothing named '../py*'" result).
My question is why it would be a good idea to make a difference between
whitespace and other characters. If you use a wildcard pattern,
generally it won't contain spaces at all, so you don't have to quote it.
If you are injecting a normal filename, noticing that whitespace gets
quoted may get you a false sense of security until somebody injects a
wildcard character that won't get quoted.
So what I'm saying is that a middle ground between quoting and no quoting
is dangerous and not very useful. |
|
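The difference discussed in this message, as an added example that is not part of the original message or of CPython: the same value is interpolated into a shell command once with a whitespace-only escaper and once with `shlex.quote`, and the arguments the shell actually produces are compared. `escape_whitespace_only`, `shell_argv` and `compare` are hypothetical names, the escaper is an assumed stand-in for the "default whitespace escaping" mentioned in the quoted text, and the file names are constructed.

```python
import os
import shlex
import subprocess
import tempfile


def escape_whitespace_only(name):
    """Hypothetical 'middle ground' escaper: backslash-escapes whitespace only."""
    return "".join("\\" + ch if ch.isspace() else ch for ch in name)


def shell_argv(quoted_arg, cwd):
    """Return the arguments /bin/sh produces from one interpolated value."""
    # printf emits each resulting argument on its own line.
    out = subprocess.run(
        "printf '%s\\n' " + quoted_arg,
        shell=True, cwd=cwd, capture_output=True, text=True, check=True,
    ).stdout
    return out.splitlines()


def compare(name):
    """Interpolate `name` with both quoting styles inside a scratch directory."""
    with tempfile.TemporaryDirectory() as d:
        # Constructed sample files; two of them contain a space.
        for fn in ("py one.txt", "py two.txt", "notes.txt"):
            open(os.path.join(d, fn), "w").close()
        return {
            "whitespace_only": shell_argv(escape_whitespace_only(name), d),
            "full_quote": shell_argv(shlex.quote(name), d),
        }


if __name__ == "__main__":
    # A plain file name with a space: both styles yield one argument.
    print(compare("py one.txt"))
    # Space plus wildcard: the space is escaped, the '*' still expands.
    print(compare("py *.txt"))
```

For a plain name with a space the two styles are indistinguishable, which is the false sense of security the message describes; only the value containing `*` shows that the whitespace-only form still lets the shell expand the pattern.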