{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.manongdao.com/data/attach/logo/logo.png', '推荐 干净又极端 的问题《Using subprocess.Popen to run a batch file in Wind》','https://www.manongdao.com/q-1026872.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
Why can we not use Popen to run a batch file?
>>> p = Popen(["filename"], shell=True, stdout = PIPE)
This is working well, but according to the documentation we should not use shell = True for "running a batch file or console-based executable".
Why can't we use shell = True when it runs a batch file? Why should it only be used for building in cmd?
Calling
subprocess.Popen()with theshellparameter set toTruein production is a generally bad idea. One of the dangers include shell injection vulnerabilities, as quoted by the Python 3 docs:Source: https://docs.python.org/3.6/library/subprocess.html