merlyn@xxxxxxxxxxxxxx (Randal L. Schwartz) writes:
>>>>>> "Avery" == Avery Pennarun <apenwarr@xxxxxxxxx> writes:
>
> Avery> Shell quoting is a disaster (including security holes, where relevant)
> Avery> waiting to happen. The above is the only sane way to do it, and it
> Avery> isn't very hard to implement. (Instead of system() in the subprocess,
> Avery> you can use exec().)
>
> quotemeta() is about regex quoting. This is not precisely the same as shell
> quoting, and is both misleading, and potentially broken.
Agreed to, and grateful for, both of your comments.
Do you like the one Jakub quoted from how gitweb does it? It looks like
this:
# quote the given arguments for passing them to the shell
# quote_command("command", "arg 1", "arg with ' and ! characters")
# => "'command' 'arg 1' 'arg with '\'' and '\!' characters'"
# Try to avoid using this function wherever possible.
sub quote_command {
return join(' ',
map( { my $a = $_; $a =~ s/(['!])/'\\$1'/g; "'$a'" } @_ ));
}
--
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
