[Tutor] making a cgi search safe(r)

Gabriel Farrell gsf at panix.com
Thu May 5 02:03:38 CEST 2005


Greetings,

I'm setting up a search for an online catalog.  It works right now by
passing the cgi search query to the command-line swish-e via os.popen.
I'll do it via a direct interface as soon as I figure out how to do
that with swig or the swishe module.  In the meantime, I'm trying to
sanitize the query so it's safer on the shell.  The swish-e
documentation says it's better to include only the characters that you
want rather than knock out the known offenders.  It seems like there
should be a simple way with string methods or the re module.  Right
now I've got:

import re

def getquery(form):
    # form is a cgi.FieldStorage; keep only word chars, quotes and spaces
    kosher = re.compile(r'\w|"|\'|[ ]')
    return ''.join(kosher.findall(form['query'].value))


Is this about the best way to do this?

gabe

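The allow-list the post describes, put next to the shell-free way of invoking swish-e, as an added example that is not part of the original post and not swish-e's own code. The one thing worth seeing in working code is that the pattern keeps both quote characters, which are shell metacharacters themselves, so the filtered string is still unsafe to interpolate into a command line; handing swish-e an argument list through subprocess (no shell=True) is what actually keeps the shell out of the picture, and the allow-list then only narrows what swish-e's own query parser sees. The -w (search words) and -f (index file) options are swish-e's documented ones; the index path, the function names and the hostile inputs are constructed for the example.

```python
import re
import subprocess

# Same allow-list as the post: word characters, double quote, single quote, space.
# Both quote characters are shell metacharacters, so this list alone is not a
# complete defense if the result is ever pasted into a shell command string.
KOSHER = re.compile(r'\w|"|\'|[ ]')


def sanitize_query(raw):
    """Keep only allow-listed characters; everything else is silently dropped."""
    return ''.join(KOSHER.findall(raw))


def build_swish_argv(query, index_path):
    """Build an argument vector for swish-e.

    -w (search words) and -f (index file) are swish-e's documented options;
    index_path is an assumption for the example.  Because this is a list and
    not a string, no shell ever parses the query: it arrives as one argv entry.
    """
    return ['swish-e', '-f', index_path, '-w', query]


def run_search(raw_query, index_path):
    """Sanitize, then run swish-e without shell=True and return its stdout.

    The allow-list is defense in depth for swish-e's own query parser; the
    argv list is what stops shell metacharacters from being interpreted.
    """
    argv = build_swish_argv(sanitize_query(raw_query), index_path)
    completed = subprocess.run(argv, capture_output=True, text=True)
    return completed.stdout


if __name__ == '__main__':
    # Constructed hostile inputs; none of them can reach a shell via run_search.
    for raw in ['python; rm -rf /', '$(id)', '`uname -a`', 'it\'s "quoted"']:
        cleaned = sanitize_query(raw)
        print(repr(raw), '->', repr(cleaned), build_swish_argv(cleaned, 'catalog.index'))
```

Two details to keep in mind: on Python 3 a str pattern's `\w` matches any Unicode letter, digit or underscore, not just ASCII, so pass `re.ASCII` if the catalog only wants ASCII; and if a command string is unavoidable for some reason, `shlex.quote` on the query is the right tool, not a character filter.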

More information about the Tutor mailing list