garry saddington wrote:
On Fri, 2006-05-19 at 09:01 +0200, Tino Wildenhain wrote:
garry saddington wrote:
This code on linux works without a problem
ispell = os.popen("echo " + word + | /opt/scholarpack/ancillary/ispell/bin/ispell -a") ispell.readline sentence = ispell.readline()
What if the word is like `rm -rf /` It is impossible for this to happen because of other controls in place.
Well Zope isnt PHP. You dont need to create potential security problems if the fix is much more easier then your bunch of (untested) code you believe prevents it from happen.
for example? Doing something like that above is completely creazy :( There are actually 3 different popen() variants - 2 of them give you stdin too so you better use this to write the "word" to ispells stdin. Don't use echo or something like this! ...
however on windows it throws a string index out of range at the sentence[0] constructs. ...
I am not bothered about the paths, that is not the question. Both commands work in their respective environments. It is the sequence[0] that throws the error so I am looking at differences in the way the results are returned from ispell.readline() regards Garry
Well, what if you try it out in the interactive interpreter? if sequence is an empty list, accessing [0] index will give you that error you see. So your code above does not work as expected. See also the comment regarding "echo", Fred made. Regards Tino