Skip to main content.
home | support | download

Back to List Archive

Re: New version: swish-e-1.3.2-PHRASEp.tar.gz

From: <Rainer.Scherg(at)not-real.rexroth.de>
Date: Mon Jun 19 2000 - 11:51:45 GMT
IMO popen is a POSIX function, so it should also work on Windows.
(is Windows POSIX compliant? - NT should be...)

Harmful shell characters:
 Perhaps there should be a "correction macro" or subroutine,
which does a conversion or shell escaping of filenames for shells.

- rainer


-----Original Message-----
From: David Norris [mailto:dave@webaugur.com]
Sent: Saturday, June 17, 2000 10:32 AM
To: Rainer.Scherg@rexroth.de
Cc: Multiple recipients of list
Subject: Re: [SWISH-E] Re: New version: swish-e-1.3.2-PHRASEp.tar.gz


Rainer.Scherg@rexroth.de wrote:
> sprintf(filtercmd, "%s \'%s\'",filterprog,e->filename);

Excellent point.  Leaving special characters in the command line could
be a major security problem.

I don't think ' will work on Window's shell and maybe others.  Perhaps a
preprocessor macro for systems with broken shells.  I'll test that on
Windows over the weekend.

-- 
,David Norris
  Dave's Web - http://www.webaugur.com/dave/
  Dave's Weather - http://www.webaugur.com/dave/wx
  ICQ Universal Internet Number - 412039
  E-Mail - dave@webaugur.com


----------------------------------------------------------------------
This Mail has been checked for Viruses
Attention: Encrypted Mails can NOT be checked !

* * *

Diese Mail wurde auf Viren ueberprueft
Hinweis: Verschluesselte Mails koennen NICHT geprueft werden !
----------------------------------------------------------------------
Received on Mon Jun 19 07:59:35 2000