Andrew Fladmark wrote:
Moving forward, I have an implementation question. From PHP, there are two ways we can talk to ASpell. One is the same as the Nox server's approach which is to execute and process command line output. The other is to use PHP's PSpell library. As I understand it, there are two issues here: 1. The command line option can be restricted for (obvious) security restrictions. 2. PSpell library has to be enabled.
I want to choose the option that has the greatest chance of being acceptable to admins and the least burden for setting up... Do most PHP environments allow command execution 'out-of-the-box'? If not, my feeling is that for anyone to use ASpell they'll need to install ASpell anyway so enabling the library extension probably isn't an unreasonable expectation. And we don't need to have a config parameter in RoundCube directly to deal with the path to ASpell's executable, which is another advantage.
Unfortunately there are probably many environments that have one or the other disabled.
I'm not sure how difficult it might be to implement both, and perhaps have some checks and try one, and fail back to the other. I would suggest preferring the pspell module, as it would probably be faster and more secure. However, (and this is just conjecture) I would think more sites may have command execution enabled than have the pspell module.
On FreeBSD, the pspell module is not included in the default php install and it is not a default selection in the php-extensions port. It is selectable, but it does require a conscious effort. I enable it on most of the installs that I do, but I can't speak for others.
On the other hand, executing commands is enabled by default, unless safe mode is on and even then you can specify a directory with allowed executables. Since aspell is a pretty popular library, I imagine at least some places offer it.
Jim