yeah, if youre going to run shell commands based on input, its a good idea to sanitise all the input. $( ) and these guys: ` and & are other gotchas, not just ;
and & and && apply even to dos cmd, not just gnu/linux. and using the python builtins will save you all this trouble, unless theres a reason you absolutely have to use the shell.
and & and && apply even to dos cmd, not just gnu/linux. and using the python builtins will save you all this trouble, unless theres a reason you absolutely have to use the shell.