# regular expression conundrum

Duncan Booth duncan at NOSPAMrcp.co.uk
Thu Aug 15 05:32:30 EDT 2002

Chris Spencer <clspence at one.net> wrote in
news:5k6llu4k7vrgli643e2fqg9qnlope6bcoq at 4ax.com:

> I'm building a string that will be eval()-ed.  I'm building a string
> which will include Windows path names.  Some of my users, not knowing
> Python, will do something like this: "d:\foo\bar\"+filename
> When eval()-ed, the " is escaped by the final backslash in the directory
> string.  I'm making it easy on them by giving them an option to
> wholesale escape all backslashes.  But just in case they did it RIGHT
> by typing: "d:\foo\bar\\"+filename  I want to make sure that the final
> two backslashes aren't escaped again, causing two backslashes to be
> present in an eval().
>
I'm not sure I would call "d:\foo\bar\\" right in any case, let alone
uppercase. Generally speaking formfeeds and backspaces are best left out of
filenames.

Given that under Windows either '\' or '/' may be used as path separators,
you could just deny them any escape sequences in the strings and do
eval(replace(s, '\\', '/')). If you want you can then normalise the paths
using os.path.normpath.

If you must use eval, then at least restrict the available functions. In
fact give your users a new set of builtins taken from os.path, such as
join, normpath, expandvars. os.path.join('d:\\foo\\bar\\', filename) and
os.path.join('d:\\foo\\bar', filename) both work, so if you get into the
habit of using it, you never need to put a trailing backslash on a path.

--
Duncan Booth                                             duncan at rcp.co.uk
int month(char *p){return(124864/((p[0]+p[1]-p[2]&0x1f)+1)%12)["\5\x8\3"
"\6\7\xb\1\x9\xa\2\0\4"];} // Who said my code was obscure?