ANY kind of input, whether coming from a text field, file or I/O interface, needs to be 'sanitized'.
In case of filenames: if you detect a space in the string, remove any existing quote marks and re-wrap in quote marks. Scan for illegal characters (so people can't force OS commands through the file filter), etc. etc.
Agreed. The problem with today's kids is that they are re-learning all the same old mistakes over and over again.
Anyone who grew up on Usenet has seen all the robustness of the software that defined the "Internet" back then.
We've seen all the exploits fixed, all the good programming practices adhered to, and we all learned what not to do when writing code.
Today, it's Ajax/JSON/HTML/SQL/PHP, etc., and all these technologies are being re-exploited because the new kids are writing the same old bad code, and creating the same old problems we already fixed once. They write code, but they aren't thinking.
Now, none of what I just said has anything to do with reading data from a file. But as FE said, it's the most basic of all things. Sanitize the input stream, especially if it is an original source that might have been modified by an end user, as Kicad's text files are.
Kicad itself doesn't even follow any of the most basic usability and workflow paradigms that came before it, as most every other capture and PCB program does. It's just a beast to work with.
(yeah I know, quit whining, it's free)
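The filename handling described in the first post above (strip user-supplied quote marks, scan for illegal characters, re-quote names that contain spaces), as an added Python example that is not code from either poster. The rejected character set and the function names are assumptions chosen for illustration.

```python
import shlex

# Characters rejected outright: shell metacharacters, wildcards and path
# separators. This deny set is an assumption for the example; an allowlist
# of permitted characters is the stricter choice.
ILLEGAL = set('|&;<>$`\\!*?{}[]()/:')


class BadFilename(ValueError):
    """Raised when a user-supplied filename fails validation."""


def sanitize_filename(raw: str) -> str:
    """Return a bare filename that is safe to pass on, or raise BadFilename."""
    # Drop any quote marks the user supplied; quoting is re-applied by us later.
    name = raw.replace('"', '').replace("'", '').strip()
    if not name or name in ('.', '..'):
        raise BadFilename('empty or relative-directory name')
    # Control characters (newline, NUL, ...) are rejected along with ILLEGAL.
    bad = sorted(c for c in set(name) if c in ILLEGAL or ord(c) < 32)
    if bad:
        raise BadFilename(f'illegal characters: {bad!r}')
    if name.startswith('-'):
        raise BadFilename('leading dash would be parsed as an option')
    return name


def shell_argument(raw: str) -> str:
    """Sanitize, then quote so a name with spaces stays a single argument."""
    return shlex.quote(sanitize_filename(raw))


if __name__ == '__main__':
    # Constructed sample inputs.
    for candidate in ['"my board.sch"', 'board.sch', 'board.sch; echo x', '../x']:
        try:
            print(repr(candidate), '->', shell_argument(candidate))
        except BadFilename as err:
            print(repr(candidate), 'rejected:', err)
```

When the filename is handed to another program, passing it as one element of an argument list (for example to `subprocess.run` without `shell=True`) keeps it away from a shell parser altogether.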