The undocumented (but unit tested!) pipes.quote does not correctly escape '!', which cannot be passed to the shell outside of single- quotes: sh-3.2$ python Python 2.6.1 (r261:67515, Jul 7 2009, 23:51:51) [GCC 4.2.1 (Apple Inc. build 5646)] on darwin Type "help", "copyright", "credits" or "license" for more information. >>> import pipes >>> pipes.quote("omgshoes!") 'omgshoes!' sh-3.2$ echo "omgshoes!" sh: !": event not found bash-3.2$ echo "omgshoes!" bash: !": event not found zsh-4.3.9% echo "omgshoes!" dquote> This needs to be single-quoted for safety: sh-3.2$ echo 'omgshoes!' omgshoes! bash-3.2$ echo 'omgshoes!' omgshoes! zsh-4.3.9% echo 'omgshoes!' omgshoes!
I'm attaching a patch that changes quote() logic. It also fixes #7476, the empty argument case. Strings with unsafe characters are now always quoted with single quotes. Single quotes themselves are replaced by a single quote in double quotes, so that te$t'quoting becomes 'te$t'"'"'quoting' which I believe is portable across all commonly used shells. (Another implementation would be to just backslash-quote all unsafe chars, but it makes for less readable results.) Assigning to David for review -- you recently claimed to like shells :)
The patch looks good to me, except that one test fails. You seem to have inadvertently deleted the '=' from the safe chars list in the test. We should also add a test for the '' case. And presumably the docs requested in the other ticket...
