[EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
> Also, for a wrapper around popen, try commands:
>
> import commands
>
> pattern = raw_input('pattern to search? ')
> print commands.getoutput('grep %s *.txt' % pattern)

What if I entered "; rm -rf * ;" as my pattern?

Don't ever pass user input (from file/web/raw_input) to the shell if
you want to write a secure program!

If you use subprocess then you can use a sequence of args to bypass
the shell rather than a string to be passed to the shell. That will
get over lots of shell escaping problems too. E.g.:

    from subprocess import Popen, PIPE
    from glob import glob

    pattern = raw_input('pattern to search? ')
    files = glob("*.txt")
    output = Popen(["grep", pattern] + files, stdout=PIPE).communicate()[0]
    print output

You can also use subprocess to read the return code of the command and
its stderr, both of which you'll need if you are programming
defensively!

--
Nick Craig-Wood <[EMAIL PROTECTED]> -- http://www.craig-wood.com/nick
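
Added example, not part of the original post: the argument-list approach described above, written for Python 3 and extended to read grep's return code and stderr as the reply recommends. The names grep_files and demo and the sample files are constructed for illustration; "-e" and "--" are added here so that a pattern or file name beginning with "-" is not read as a grep option.

```python
import os
import subprocess
import tempfile

def grep_files(pattern, directory):
    """Search the *.txt files in `directory` for `pattern`, with no shell.

    Returns (status, matching_lines, stderr_text); status is "match",
    "no-match" or "error", from grep's exit codes 0, 1 and 2+.
    """
    files = sorted(f for f in os.listdir(directory) if f.endswith(".txt"))
    if not files:
        return "no-match", [], ""
    # Argument list, so no shell parses the pattern. "-e" makes grep treat the
    # next argument as the pattern even if it starts with "-", and "--" stops
    # a file name that starts with "-" from being read as an option.
    argv = ["grep", "-H", "-e", pattern, "--"] + files
    proc = subprocess.run(argv, cwd=directory, capture_output=True, text=True)
    status = {0: "match", 1: "no-match"}.get(proc.returncode, "error")
    return status, proc.stdout.splitlines(), proc.stderr.strip()

def demo():
    """Run a few patterns against constructed sample files."""
    with tempfile.TemporaryDirectory() as d:
        with open(os.path.join(d, "notes.txt"), "w") as fh:
            fh.write("hello world\nrm -rf is dangerous\n")
        with open(os.path.join(d, "canary.txt"), "w") as fh:
            fh.write("still here\n")
        # Ordinary pattern, the pattern from the post, a pattern that looks
        # like an option, and an invalid regex that makes grep report an error.
        patterns = ["hello", "; rm -rf * ;", "-rf", "["]
        results = {p: grep_files(p, d) for p in patterns}
        results["canary_survived"] = os.path.exists(os.path.join(d, "canary.txt"))
        return results

if __name__ == "__main__":
    for key, value in demo().items():
        print(repr(key), "->", value)
```
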