So, I was having an issue trying to properly escape a string for use in the shell (command line) when using python os.system(...).

I did a google search and found a site on ASPN which had incorrect information due to someone's incorrect reading of the POSIX Shell Command Language specification. The spec can be found at: http://www.unix.org/single_unix_specification/ under "Shell Command Language" . So I read the spec and wrote a correct python method to convert a string for safe use on POSIX compliant shells.

# This function will properly quote a string for use on a POSIX compliant shell
'''
From: http://www.unix.org/single_unix_specification/
Under "Shell Command Language"
2.2.3 Double-Quotes

Enclosing characters in double-quotes ( "" ) shall preserve the literal value of all characters within the double-quotes, with the exception of the characters dollar sign, backquote, and backslash, as follows:

$ The dollar sign shall retain its special meaning introducing parameter expansion (see Parameter Expansion), a form of command substitution (see Command Substitution), and arithmetic expansion (see Arithmetic Expansion).
The input characters within the quoted string that are also enclosed between "$(" and the matching ')' shall not be affected by the double-quotes, but rather shall define that command whose output replaces the "$(...)" when the word is expanded. The tokenizing rules in Token Recognition , not including the alias substitutions in Alias Substitution , shall be applied recursively to find the matching ')'.
Within the string of characters from an enclosed "${" to the matching '}', an even number of unescaped double-quotes or single-quotes, if any, shall occur. A preceding backslash character shall be used to escape a literal '{' or '}'. The rule in Parameter Expansion shall be used to determine the matching '}' .
The backquote shall retain its special meaning introducing the other form of command substitution (see Command Substitution). The portion of the quoted string from the initial backquote and the characters up to the next backquote that is not preceded by a backslash, having escape characters removed, defines that command whose output replaces "`...`" when the word is expanded. Either of the following cases produces undefined results:
- A single-quoted or double-quoted string that begins, but does not end, within the "`...`" sequence
- A "`...`" sequence that begins, but does not end, within the same double-quoted string
\ The backslash shall retain its special meaning as an escape character (see Escape Character (Backslash)) only when followed by one of the following characters when considered special:
$ ` " \

The application shall ensure that a double-quote is preceded by a backslash to be included within double-quotes. The parameter '@' has special meaning inside double-quotes and is described in Special Parameters.
'''

def quote_for_posix(string):
   return '"' + string.replace('\\', '\\\\').replace('"', '\\"').replace('$', '\\$').replace('`', '\\`')+ '"'

Since the code in that runs off the side of the screen for some reason, here's a version that is easier to read:

def quote_for_posix(string):
     ret_val = '"'
     s = string.replace('\\', '\\\\')
     s = s.replace('"', '\\"')
     s = s.replace('$', '\\$')
     s = s.replace('`', '\\`')
     ret_val += s
     ret_val += '"'
     return ret_val

Note that you do not want to do this if you're already taking care of what appears on the shell. I'm using it because I'm reading in filenames and paths with no control over what they look like, so I need to make sure I can then write those filenames in the shell without things breaking. My issue was coming up when I had a file name containing spaces, a single-quote character ', and parentheses ( ). The shell was not happy with it.

[This Entry]