On vrijdag, maa 7, 2003, at 22:48 Europe/Amsterdam, Thomas Heller wrote:
In distutils we had a similar problem. I don't remember the details at the moment exactly, but I think enclosing sys.executable in double quotes *only* when it contains spaces should do the trick.
But only spaces may not be good enough. What I think we really want is a function that makes any string safe for popen/exec/shell script (or raises an exception if it can't be done?). As this function will have to be platform-specific it seems os.path would be a suitable place for it. Or would this give a false sense of security to people who write cgi scripts or something and then suddenly get hit by an IFS hack or similar trick? -- - Jack Jansen <Jack.Jansen@oratrix.com> http://www.cwi.nl/~jack - - If I can't dance I don't want to be part of your revolution -- Emma Goldman -