From 2ebf8ce488b64fb4a205e6b94de309d56cf387d2 Mon Sep 17 00:00:00 2001 From: Benjamin Peterson Date: Sun, 27 Jun 2010 21:48:35 +0000 Subject: [PATCH] Merged revisions 81881-81882 via svnmerge from svn+ssh://pythondev@svn.python.org/python/trunk ........ r81881 | andrew.kuchling | 2010-06-10 19:16:08 -0500 (Thu, 10 Jun 2010) | 1 line #5753: update demo.c to use PySys_SetArgvEx(), and add a comment ........ r81882 | andrew.kuchling | 2010-06-10 19:23:01 -0500 (Thu, 10 Jun 2010) | 1 line #5753: Suggest PySys_SetArgvEx() instead of PySys_SetArgv() ........ --- Demo/embed/demo.c | 15 ++++++++++++--- Doc/c-api/intro.rst | 8 ++++---- 2 files changed, 16 insertions(+), 7 deletions(-) diff --git a/Demo/embed/demo.c b/Demo/embed/demo.c index 22bfaff4fd..dc8bcf04fc 100644 --- a/Demo/embed/demo.c +++ b/Demo/embed/demo.c @@ -20,10 +20,19 @@ main(int argc, char **argv) Py_Initialize(); /* Define sys.argv. It is up to the application if you - want this; you can also let it undefined (since the Python + want this; you can also leave it undefined (since the Python code is generally not a main program it has no business - touching sys.argv...) */ - PySys_SetArgv(2, args); + touching sys.argv...) + + If the third argument is true, sys.path is modified to include + either the directory containing the script named by argv[0], or + the current working directory. This can be risky; if you run + an application embedding Python in a directory controlled by + someone else, attackers could put a Trojan-horse module in the + directory (say, a file named os.py) that your application would + then import and run. + */ + PySys_SetArgvEx(argc, argv, 0); /* Do some application specific code */ printf("Hello, brave new world\n\n"); diff --git a/Doc/c-api/intro.rst b/Doc/c-api/intro.rst index 4b67912cf4..249610b456 100644 --- a/Doc/c-api/intro.rst +++ b/Doc/c-api/intro.rst @@ -519,12 +519,12 @@ the table of loaded modules, and creates the fundamental modules :mod:`builtins`, :mod:`__main__`, :mod:`sys`, and :mod:`exceptions`. It also initializes the module search path (``sys.path``). -.. index:: single: PySys_SetArgv() +.. index:: single: PySys_SetArgvEx() :cfunc:`Py_Initialize` does not set the "script argument list" (``sys.argv``). -If this variable is needed by Python code that will be executed later, it must -be set explicitly with a call to ``PySys_SetArgv(argc, argv)`` subsequent to -the call to :cfunc:`Py_Initialize`. +If this variable is needed by Python code that will be executed later, it must +be set explicitly with a call to ``PySys_SetArgvEx(argc, argv, updatepath)`` +after the call to :cfunc:`Py_Initialize`. On most systems (in particular, on Unix and Windows, although the details are slightly different), :cfunc:`Py_Initialize` calculates the module search path -- 2.40.0