Re: io.popen Run command with spaces in argument filename, and get the result

lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]

Subject: Re: io.popen Run command with spaces in argument filename, and get the result
From: Andrew Gierth <andrew@...>
Date: Sun, 07 Feb 2021 23:45:59 +0000

>>>>> "v" == v  <v19930312@gmail.com> writes:

 >> The logic here is that '...' in POSIX shell quotes every character
 >> except ' itself, without allowing any form of escape, so we replace
 >> ' by the sequence '\'' which closes the existing quote, adds an
 >> escaped ' character, and opens another quote. There are other ways
 >> to do shell quoting but this one is the safest.

 v> Until someone passes \' in as input filename, which makes it break
 v> horribly. E.g.

 v> somefile\';rm -rf /*;echo \'

 v> turns into

 v> otfinfo -p 'somefile\\';rm -rf /*;echo \\''

No it doesn't, it turns into:

otfinfo -p 'somefile\'\'';rm -rf /*;echo \'\'''

Note that \ is not an escape character inside '...' so this is correct.

Perhaps you misunderstood what the [[ ]] do, you certainly didn't try
running the actual code.

-- 
Andrew.

Follow-Ups:
- Re: io.popen Run command with spaces in argument filename, and get the result, v

References:
- io.popen Run command with spaces in argument filename, and get the result, Robin Stern
- Re: io.popen Run command with spaces in argument filename, and get the result, Andrew Gierth
- Re: io.popen Run command with spaces in argument filename, and get the result, v

Prev by Date: Re: io.popen Run command with spaces in argument filename, and get the result
Next by Date: Re: io.popen Run command with spaces in argument filename, and get the result
Previous by thread: Re: io.popen Run command with spaces in argument filename, and get the result
Next by thread: Re: io.popen Run command with spaces in argument filename, and get the result
Index(es):
- Date
- Thread