On Jan 15, 2008 6:26 AM, Tobia <[EMAIL PROTECTED]> wrote: > Elf wrote:
>> (define (system->string . args) >> (string-chomp (with-input-from-pipe (string-join args " ") read-all))) > if this system->string is going to be of any use, it should > quote its arguments against any possible interpretation by the shell. > Fortunately there is a simple way which supposedly works with every > flavour of UNIX shell: replace every ' with '\'' and enclose each > argument in '...' The issue with applying this to every argument is that you prevent even desired shell interpretation, such as wildcard expansion. Such interpretation is pretty much the entire reason for the system() call in the first place. It's probably better that the user quote arguments selectively with his own quoting function before invoking the command. If you truly want to bypass the shell--which is often a good idea when dealing with user input--it's best not to use system() at all. That includes using with-input-from-pipe, which uses popen(), which itself calls system(). Instead you should pipe(), fork() and exec() -- the latter, of course, taking its arguments as an array. Actually, that's exactly what 'process' in the posix unit does. But there's no nice wrapper around it. If with-input-from-pipe were to optionally take a list as first argument, and (if a list) open a pipe bypassing the shell in this manner, that might be something worth looking into. _______________________________________________ Chicken-users mailing list [email protected] http://lists.nongnu.org/mailman/listinfo/chicken-users
