garry saddington wrote: > On Fri, 2006-05-19 at 09:01 +0200, Tino Wildenhain wrote: >> garry saddington wrote: >>> This code on linux works without a problem >>> >>> ispell = os.popen("echo " + word + >>> | /opt/scholarpack/ancillary/ispell/bin/ispell -a") >>> ispell.readline >>> sentence = ispell.readline() >> >> What if the word is like `rm -rf /` > It is impossible for this to happen because of other controls in place.
Well Zope isnt PHP. You dont need to create potential security problems if the fix is much more easier then your bunch of (untested) code you believe prevents it from happen. >> for example? >> Doing something like that above is completely >> creazy :( There are actually 3 different popen() >> variants - 2 of them give you stdin too so you better >> use this to write the "word" to ispells stdin. >> Don't use echo or something like this! >> ... >>> however on windows it throws a string index out of range at the >>> sentence constructs. ... > I am not bothered about the paths, that is not the question. Both > commands work in their respective environments. It is the sequence > that throws the error so I am looking at differences in the way the > results are returned from ispell.readline() > regards > Garry Well, what if you try it out in the interactive interpreter? if sequence is an empty list, accessing  index will give you that error you see. So your code above does not work as expected. See also the comment regarding "echo", Fred made. Regards Tino _______________________________________________ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )