Remove current directory from the default used when PATH is unset

* dialog.py (_find_in_path): in case PATH was unset, the default value
used to start with a colon, which caused pythondialog to look for the
executable in the current directory if (1) the specified executable
didn't contain a '/' and (2) the PATH environment variable was unset.
This behavior was conformant to what glibc's execvp() function did until
version 2.24 from 2016, but wasn't ideal (if a pythondialog-based
program had its current directory world-writable, this could be used to
trap users whose PATH is unset---which is rather unlikely, fortunately).
This suboptimal default behavior when PATH is unset was changed in glibc
2.24, and we are following suit here, i.e., the new default is
"/bin:/usr/bin". Also clarify the docstring.

* dialog.py (_path_to_executable): return the result after applying
os.path.realpath() and clarify the docstring. Using os.path.realpath()
at this point ensures that the path to the dialog-like executable is
resolved at the time the Dialog instance is created. This way, a
pythondialog-based program can change its current directory after
creating a Dialog instance without fearing that this might cause
subsequent pythondialog calls to fail or to invoke an executable from a
different directory.

* dialog.py (Dialog.__init__): adapt the docstring to reflect the
aforementioned change when PATH is unset (as mentioned above for
_find_in_path()).

(cherry picked from commit 94c2702)

Author: frougon

dialog.py

@@ -429,20 +429,18 @@ def _find_in_path(prog_name):
     """Search an executable in the :envvar:`PATH`.
 
     If :envvar:`PATH` is not defined, the default path
-    ``:/bin:/usr/bin`` is used.
+    ``/bin:/usr/bin`` is used.
 
-    Return a path to the file or ``None`` if no readable and executable
-    file is found.
+    Return a path to the file, or ``None`` if no file with a matching
+    basename as well as read and execute permissions is found.
 
     Notable exception:
 
       :exc:`PythonDialogOSError`
 
     """
     with _OSErrorHandling():
-        # Note that the leading empty component in the default value for PATH
-        # could lead to the returned path not being absolute.
-        PATH = os.getenv("PATH", ":/bin:/usr/bin") # see the execvp(3) man page
+        PATH = os.getenv("PATH", "/bin:/usr/bin") # see the execvp(3) man page
         for d in PATH.split(os.pathsep):
             file_path = os.path.join(d, prog_name)
             if os.path.isfile(file_path) \
@@ -455,14 +453,17 @@ def _path_to_executable(f):
     """Find a path to an executable.
 
     Find a path to an executable, using the same rules as the POSIX
-    exec*p functions (see execvp(3) for instance).
+    exec*p() functions (see execvp(3) for instance).
 
-    If *f* contains a ``/``, it is assumed to be a path and is simply
-    checked for read and write permissions; otherwise, it is looked for
-    according to the contents of the :envvar:`PATH` environment
-    variable, which defaults to ``:/bin:/usr/bin`` if unset.
+    If *f* contains a ``/`` character, it must be a relative or absolute
+    path to a file that has read and execute permissions. If *f* does
+    not contain a ``/`` character, it is looked for according to the
+    contents of the :envvar:`PATH` environment variable, which defaults
+    to ``/bin:/usr/bin`` if unset.
 
-    The returned path is not necessarily absolute.
+    The return value is the result of calling :func:`os.path.realpath`
+    on the path found according to the rules described in the previous
+    paragraph.
 
     Notable exceptions:
 
@@ -472,8 +473,7 @@ def _path_to_executable(f):
     """
     with _OSErrorHandling():
         if '/' in f:
-            if os.path.isfile(f) and \
-                   os.access(f, os.R_OK | os.X_OK):
+            if os.path.isfile(f) and os.access(f, os.R_OK | os.X_OK):
                 res = f
             else:
                 raise ExecutableNotFound("%s cannot be read and executed" % f)
@@ -484,7 +484,7 @@ def _path_to_executable(f):
                     "can't find the executable for the dialog-like "
                     "program")
 
-    return res
+    return os.path.realpath(res)
 
 
 def _to_onoff(val):
@@ -902,10 +902,11 @@ def __init__(self, dialog="dialog", DIALOGRC=None,
 
         :param str dialog:
           name of (or path to) the :program:`dialog`-like program to
-          use; if it contains a ``'/'``, it is assumed to be a path and
-          is used as is; otherwise, it is looked for according to the
-          contents of the :envvar:`PATH` environment variable, which
-          defaults to ``":/bin:/usr/bin"`` if unset.
+          use. If it contains a slash (``/``), it must be a relative or
+          absolute path to a file that has read and execute permissions,
+          and is used as is; otherwise, it is looked for according to
+          the contents of the :envvar:`PATH` environment variable, which
+          defaults to ``/bin:/usr/bin`` if unset.
         :param str DIALOGRC:
           string to pass to the :program:`dialog`-like program as the
           :envvar:`DIALOGRC` environment variable, or ``None`` if no

doc/intro/intro.rst

@@ -14,9 +14,9 @@ The *dialog* parameter indicates the executable to use to invoke the backend
 (which must be compatible with dialog_). For instance, one might use something
 like ``dialog="/home/dave/src/dialog-1.2-20140219/dialog"``. The default value
 is ``"dialog"``, and since it does not contain any slash (``/``), it is looked
-up in the :envvar:`PATH` environment variable. See :meth:`Dialog.__init__` for
-a description of all parameters that can be passed to the :class:`Dialog`
-constructor.
+up according to the :envvar:`PATH` environment variable. See
+:meth:`Dialog.__init__` for a description of all parameters that can be passed
+to the :class:`Dialog` constructor.
 
 .. _dialog: http://invisible-island.net/dialog/dialog.html