[Date Prev][Date Next][Thread Prev][Thread Next]
[Date Index]
[Thread Index]
- Subject: Re: io.popen Run command with spaces in argument filename, and get the result
- From: Andrew Gierth <andrew@...>
- Date: Mon, 08 Feb 2021 17:55:32 +0000
>>>>> "v" == v <v19930312@gmail.com> writes:
>> No it doesn't, it turns into:
>>
>> otfinfo -p 'somefile\'\'';rm -rf /*;echo \'\'''
>>
>> Note that \ is not an escape character inside '...' so this is
>> correct.
>>
>> Perhaps you misunderstood what the [[ ]] do, you certainly didn't try
>> running the actual code.
v> Oops, my bad - I've misunderstood how shell matches tick braces (and
v> still a little confused about that as of right now, actually).
The reason for using '...' here is exactly because it has the _simplest_
quoting rules: the character ' itself may not appear within '...' (i.e.
any ' character terminates the quote) and every other character, without
exception, is quoted (there are no escape characters). So in this
example the input breaks down into the following 5 sequences (with no
characters between them, so they are concatenated into one single word):
'somefile\'
\'
';rm -rf /*;echo \'
\'
''
Since \' outside of any quoting construct is itself just a quoted '
character, then when these are reassembled with the quoting removed we
get a word with:
somefile\';rm -rf /*;echo \'
which was the original string.
BTW, you can use a command like printf '[%s]' blahblah or similar to
test argument splitting/dequoting in the shell.
--
Andrew.
- References:
- io.popen Run command with spaces in argument filename, and get the result, Robin Stern
- Re: io.popen Run command with spaces in argument filename, and get the result, Andrew Gierth
- Re: io.popen Run command with spaces in argument filename, and get the result, v
- Re: io.popen Run command with spaces in argument filename, and get the result, Andrew Gierth
- Re: io.popen Run command with spaces in argument filename, and get the result, v
