| Re: Spaces in filenames [message #173705 is a reply to message #173702] |
Sat, 30 April 2011 11:57   |
Tim Streater
Messages: 328
Registered: September 2010
Karma:
|
Senior Member |
|
|
In article <6N2dnXd-OYug-CbQnZ2dnUVZ_jydnZ2d(at)posted(dot)localnet>,
Robert Heller <heller(at)deepsoft(dot)com> wrote:
> At Sat, 30 Apr 2011 00:00:50 +0100 Tim Streater <timstreater(at)waitrose(dot)com>
> wrote:
>
>>
>> When my app starts up, it discovers where it has been installed using:
>>
>> $instdir = dirname (__FILE__);
>>
>> Now, I have no control over where this might be in the file system, and
>> the user may well put it somewhere such that the path contains spaces.
>> I'm passing this round the app, and in the fullness of time may be doing
>> things like:
>>
>> $fp = fopen ($instdir . "/wiggy", "r");
>>
>> Does it matter to PHP filesystem functions if the filename contains
>> spaces?
>>
>> But what's worse, I'll also be passing $instdir to shell scripts via
>> exec ().
>>
>> Seems to me I can:
>>
>> 1) search/replace $instdir to escape spaces with backslash-space. But
>> does this mess up PHP filesystem functions?
>
> Most likely.
Hmmm, I haven't in fact tested using a spacey path or a backslash-spacey
path, but it wouldn't necessarily help anyway, since I don't know how
fopen etc work internally and it could be that it might work with fopen
but not fclose (say).
>> 2) leave $instdir as-is, but use escapeshellarg on it whenever I need to
>> pass it through exec().
>
> This is the approach.
It's certainly what I'd prefer, but I'd still like to convince myself
that PHP filesystem functions are OK by design with spacey paths.
> OTOH, you really should not be using exec() at all -- it is a security
> risk.
In all cases the PHP scripts are being run under the user's id on their
own machine. I'm using it to start/stop an instance of apache, to run
newsyslog, open [1], and Safari [2].
> Note furthur: it is more likely that your PHP code will be installed on
> a UNIX (Linux) system (eg a LAMP box) and Linux sysadmins (and many
> users) tend to avoid spaces in file pathnames, esp. on servers. You may
> be chasing a problem that is not going to be an issue.
:-)
See my other reply post on the structure of the app. The user decides
where *everything* goes, since everything is running on their own
machine (which acts as server as well as client). As for running it
under linux, it could probably be done since its unix. I'm developing
under OS X as that is what I have (I have no access to a linux box).
[1] Under OS X you can do:
open filename
on the command line and filename opens for the user with whatever is the
default app for that type of file. Typically, filename is going to be a
user file.
[2] Having it start a Safari instance happens to be how it's coded, but
everything tests OK with other browsers.
--
Tim
"That excessive bail ought not to be required, nor excessive fines imposed,
nor cruel and unusual punishments inflicted" -- Bill of Rights 1689
|
|
|
|
Calendar
Search
Help
Members
Register
Login
Home
]