Antoine Pitrou <pit...@free.fr> added the comment: > With the default whitespace escaping (which allows spaces in > filenames), wildcard matching still works (thus the list of > directories matching the "../py*" pattern), but with full quoting it > breaks (thus the "nothing named '../py*'" result).
My question is why it would be a good idea to make a difference between whitespace and other characters. If you use a wildcard pattern, generally it won't contain spaces at all, so you don't have to quote it. If you are injecting a normal filename, noticing that whitespace gets quoted may get you a false sense of security until somebody injects a wildcard character that won't get quoted. So what I'm saying is that a middleground between quoting and no quoting is dangerous and not very useful. ---------- _______________________________________ Python tracker <rep...@bugs.python.org> <http://bugs.python.org/issue13238> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
