[Qgis-developer] R scripts for raster layers in External Apps of the Sextante Toolbox plugin
Barry Rowlingson
b.rowlingson at lancaster.ac.uk
Mon Aug 27 07:37:23 PDT 2012
On Mon, Aug 27, 2012 at 3:33 PM, Etienne Tourigny
<etourigny.dev at gmail.com> wrote:
> You are right, because shell=True is used when command is a string,
> not an array.
>
> Plus it's deemed a security hazard:
> Warning Invoking the system shell with shell=True can be a security
> hazard if combined with untrusted input. See the warning under
> Frequently Used Arguments for details.
That's normally a problem when running code on a server with
parameters coming from the request, but not in a desktop environment.
The code should probably also check the return value from the
proc.wait() call for errors...
Barry
More information about the Qgis-developer
mailing list