[Date Prev][Date Next][Thread Prev][Thread Next]
- Subject: Re: io.popen Run command with spaces in argument filename, and get the result
- From: Andrew Gierth <andrew@...>
- Date: Sun, 07 Feb 2021 23:45:59 +0000
>>>>> "v" == v <email@example.com> writes:
>> The logic here is that '...' in POSIX shell quotes every character
>> except ' itself, without allowing any form of escape, so we replace
>> ' by the sequence '\'' which closes the existing quote, adds an
>> escaped ' character, and opens another quote. There are other ways
>> to do shell quoting but this one is the safest.
v> Until someone passes \' in as input filename, which makes it break
v> horribly. E.g.
v> somefile\';rm -rf /*;echo \'
v> turns into
v> otfinfo -p 'somefile\\';rm -rf /*;echo \\''
No it doesn't, it turns into:
otfinfo -p 'somefile\'\'';rm -rf /*;echo \'\'''
Note that \ is not an escape character inside '...' so this is correct.
Perhaps you misunderstood what the [[ ]] do, you certainly didn't try
running the actual code.