Hi there, I'm trying to validate some user input which is for the most part simple regexery however I would like to check filenames and I would like this code to be multiplatform.
I had hoped the os module would have a function that would tell me if a proposed filename would be valid on the host system but it seems not. I have considered whitelisting but it seems a bit unfair to make the rest of the world suffer the naming restrictions of windows. Moreover it seems both inelegant and hard work to research the valid file/directory naming conventions of every platform that this app could conceivably run on and write regex's for all of them so... I'm tempted to go the witch dunking route, stick it in an open() between a Try: & Except: and see if it floats. However... Although it's a desktop (not internet facing) app I'm a little squeamish piping raw user input into a filesystem function like that and this app will be dealing with some particularly sensitive data so I want to be careful and minimize exposure where practical. Has programming PHP and Web stuff for years made me overly paranoid about this or do I should I still be scrubbing input like this before I feed it to filesystem functions? If so does anyone know of a module that may help or have any other advice. Note: In this particular case the user input is only specifying the name of a file that will be opened for writing _not_ reading and the interface is GUI only (wxWidgets). Regards, Roger. -- http://mail.python.org/mailman/listinfo/python-list
