David L Norris wrote:
> On Mon, 2006-10-16 at 18:35 -0700, Peter Karman wrote:
>
>>I think we might be over-thinking this. If the original issue that stringQuote()
>>was trying to address was simply that quotes in filenames cause problems, why
>>not just escape quotes, rather than trying to escape everything suspicious?
We should escape everything suspicious, because I was able to run a 'rm -rf'
with a file like this "mynicefilename.pdf;rm -rf /". The same applies to & |,
and more...
Cheers,
--
Ludovic Drolez.
http://zaurus.palmopensource.com - The Zaurus Open Source Portal
http://www.drolez.com - Personal site - Linux and PalmOS stuff
Received on Mon Oct 16 23:33:55 2006
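
An added example, not part of the original message and not the project's stringQuote(): one way to neutralise every metacharacter raised above (`;`, `&`, `|` and quotes) at once is to wrap the filename in single quotes for a POSIX shell, where only `'` itself needs handling. The names `shell_quote` and `survives_shell` are hypothetical, the sample filename is constructed, and a POSIX `/bin/sh` behind `popen()` is assumed.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L   /* popen/pclose */
#endif
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper: wrap s in single quotes for a POSIX shell. Inside
 * '...' nothing is special, so only ' itself is rewritten, as '\'' (close,
 * escaped quote, reopen). Caller frees; NULL on allocation failure. */
char *shell_quote(const char *s)
{
    size_t n = 3;                          /* two enclosing quotes + NUL */
    for (const char *p = s; *p; p++)
        n += (*p == '\'') ? 4 : 1;
    char *out = malloc(n), *o = out;
    if (!out) return NULL;
    *o++ = '\'';
    for (const char *p = s; *p; p++) {
        if (*p == '\'') { memcpy(o, "'\\''", 4); o += 4; }
        else *o++ = *p;
    }
    *o++ = '\'';
    *o = '\0';
    return out;
}

/* Hand name to /bin/sh as one quoted printf argument and compare the output:
 * returns 1 only if the shell saw exactly the original bytes as data. */
int survives_shell(const char *name)
{
    char *q = shell_quote(name), cmd[1024], got[1024];
    if (!q) return 0;
    int len = snprintf(cmd, sizeof cmd, "printf %%s %s", q);
    free(q);
    if (len < 0 || (size_t)len >= sizeof cmd) return 0;   /* too long */
    FILE *fp = popen(cmd, "r");
    if (!fp) return 0;
    size_t r = fread(got, 1, sizeof got - 1, fp);
    got[r] = '\0';
    return pclose(fp) == 0 && strcmp(got, name) == 0;
}

int main(void)
{
    /* Constructed sample name carrying harmless metacharacters. */
    const char *name = "it's a file;echo INJECTED & | $(id) `id`.pdf";
    printf("round trip ok: %d\n", survives_shell(name));
    return 0;
}
```

Where the program controls how the child process is started, passing the filename as its own argv element (fork plus execvp) avoids the shell and the quoting question altogether.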