[Qgis-developer] R scripts for raster layers in External Apps of the Sextante Toolbox plugin

Barry Rowlingson b.rowlingson at lancaster.ac.uk
Mon Aug 27 07:37:23 PDT 2012


On Mon, Aug 27, 2012 at 3:33 PM, Etienne Tourigny
<etourigny.dev at gmail.com> wrote:

> You are right, because shell=True is used when command is a string,
> not an array.
>
> Plus it's deemed a security hazard:
> Warning Invoking the system shell with shell=True can be a security
> hazard if combined with untrusted input. See the warning under
> Frequently Used Arguments for details.

 That's normally a problem when running code on a server with
parameters coming from the request, but not in a desktop environment.

 The code should probably also check the return value from the
proc.wait() call for errors...

Barry


More information about the Qgis-developer mailing list