Re: bash - safely pass untrusted strings?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



On Tue, Feb 26, 2008 at 11:22:55AM -0800, Benjamin Smith wrote:

> file: script1.sh 
> #! /bin/bash
> script2.sh $1 

There's your mistake.  It should be
  script2.sh "$1"
Otherwise $1 is evaluated and passed through as potentially multiple
parameters to script2.sh

For example:
  $ cat x
  #!/bin/sh
  ./y "$1"

  $ cat y
  #!/bin/sh
  echo "$1"

  $ ./x "hello\ there"
  hello\ there


The problem isn't the shell doing bad things, it's you not understanding
how shell variable expansion is done when calling external commands.

-- 

rgds
Stephen
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos

[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux