[GLLUG] c++ help sanitizing
Mike
msg at msu.edu
Fri Sep 19 15:49:27 EDT 2008
I think the system() function is a standard C (ISO 89, 99) function that
always uses the shell (cmd.exe, bash, <whatever's system dependent>).
I'd think it'd be better to use CreateProcess() or something, that
doesn't use the shell at all.
http://msdn.microsoft.com/en-us/library/ms682425.aspx
Don't use WinExec(). It's only for 16-bit apps, so it's kinda deprecated.
http://msdn.microsoft.com/en-us/library/ms687393(VS.85).aspx
I may be wrong, but... how about sanitizing each argument that goes into
the command? If a path has a space in it, it usually needs to be quoted
to be an argument--that may apply to the EXE to run too. If a path
doesn't point to a valid file or directory, that's a problem. If it's
on Windows, maybe backslashes are needed. On Linux... forward slashes.
Clay Dowling wrote:
> Sean O'Malley wrote:
>> This is probably offtopic but..
>> Is there a library in c++ that will sanitize a string for use with a
>> system()/exec() call to the windows command prompt so it can be passed as
>> a string without being interpreted by the command shell thing. I'm not
>> wishing to reinvent the wheel with this.
>
> system() is a troublesome function and will probably cause you trouble.
> Try instead some things from the exec() family of functions, which
> recognize discrete parameters. Or WinExec, since you look like you're
> on that platform.
>
> Clay
> _______________________________________________
> linux-user mailing list
> linux-user at egr.msu.edu
> http://mailman.egr.msu.edu/mailman/listinfo/linux-user
>
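
One way to quote each argument before joining them into the single command-line string that CreateProcess() takes, as an added example that is not code from this thread. It follows the argument-parsing rules of the Microsoft C runtime (the same ones CommandLineToArgvW uses); `quote_arg` and `build_command_line` are hypothetical names, and the sample paths are constructed.

```cpp
#include <iostream>
#include <string>
#include <vector>

// Quote one argument so the child's C runtime parser recovers it unchanged.
std::string quote_arg(const std::string& arg) {
    // No whitespace or quotes: pass through (an empty argument must be quoted).
    if (!arg.empty() && arg.find_first_of(" \t\n\v\"") == std::string::npos)
        return arg;
    std::string out = "\"";
    std::size_t i = 0;
    while (true) {
        std::size_t backslashes = 0;
        while (i < arg.size() && arg[i] == '\\') { ++i; ++backslashes; }
        if (i == arg.size()) {
            // Trailing backslashes sit before our closing quote: double them.
            out.append(backslashes * 2, '\\');
            break;
        }
        if (arg[i] == '"')
            out.append(backslashes * 2 + 1, '\\');  // double, then escape the quote
        else
            out.append(backslashes, '\\');          // literal backslashes
        out.push_back(arg[i++]);
    }
    out.push_back('"');
    return out;
}

// Join program path and arguments into the string passed as lpCommandLine.
std::string build_command_line(const std::vector<std::string>& argv) {
    std::string line;
    for (std::size_t k = 0; k < argv.size(); ++k) {
        if (k) line.push_back(' ');
        line += quote_arg(argv[k]);
    }
    return line;
}

int main() {
    // Constructed sample: a program path with a space and a directory
    // argument that ends in a backslash.
    std::cout << build_command_line({"C:\\Tools\\my app.exe", "-o", "out dir\\"}) << "\n";
    return 0;
}
```

The quoting is only correct when the string goes straight to CreateProcess(); it does not escape cmd.exe metacharacters, so the result must not be passed to system().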