GeoDjango utils shouldn't include a Popen shortcut
| Reported by: | PaulM | Owned by: | nobody |
| Has patch: | no | Needs documentation: | no |
| Needs tests: | no | Patch needs improvement: | no |
contrib.gis.db.backends.util includes getstatusoutput(cmd), which executes a command using Popen and returns the result.
This function doesn't seem to be in use anywhere within the GIS code. Including shortcuts like this without good reason encourages dangerous behavior. I propose that we remove this now, or mark it with a DeprecationWarning and remove it in 1.4. It is undocumented, and presents a potential security hole for unwary users.
Change History (4)
comment:1 Changed 4 years ago by lukeplant
- Needs documentation unset
- Needs tests unset
- Patch needs improvement unset
- Triage Stage changed from Unreviewed to Accepted
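
The concern raised in the ticket description, and its proposed DeprecationWarning route, as an added example that is not Django's code. It assumes the shortcut passes its command string to a POSIX shell; the body of `getstatusoutput` here, the `run_argv` helper and the sample layer name are hypothetical.

```python
import subprocess
import sys
import warnings


def getstatusoutput(cmd):
    """Hypothetical stand-in for the shortcut: runs a command *string* via the shell."""
    warnings.warn(
        "getstatusoutput is deprecated; call subprocess with an argument list",
        DeprecationWarning,
        stacklevel=2,
    )
    p = subprocess.Popen(cmd, shell=True, stdout=subprocess.PIPE,
                         stderr=subprocess.STDOUT)
    out, _ = p.communicate()
    return p.returncode, out.decode().strip()


def run_argv(argv):
    """Safer replacement: no shell, each list item is exactly one argument."""
    p = subprocess.Popen(argv, shell=False, stdout=subprocess.PIPE,
                         stderr=subprocess.STDOUT)
    out, _ = p.communicate()
    return p.returncode, out.decode().strip()


# Constructed sample: a value a caller might build into the command from user input.
UNTRUSTED_NAME = "roads; echo EXTRA_COMMAND_RAN"


def demo():
    """Return (shell output, argv output, warning categories raised by the shim)."""
    with warnings.catch_warnings(record=True) as caught:
        warnings.simplefilter("always")
        # String concatenation: the shell parses ';' and runs a second command.
        _, via_shell = getstatusoutput("echo layer=" + UNTRUSTED_NAME)
    # Argument list: the same value arrives as one literal argument.
    _, via_argv = run_argv([sys.executable, "-c",
                            "import sys; print('layer=' + sys.argv[1])",
                            UNTRUSTED_NAME])
    return via_shell, via_argv, [w.category for w in caught]


if __name__ == "__main__":
    print(demo())
```
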