[CentOS] bash - safely pass untrusted strings?
Stephen Harris
lists at spuddy.org
Tue Feb 26 21:30:30 UTC 2008
On Tue, Feb 26, 2008 at 11:22:55AM -0800, Benjamin Smith wrote:
> file: script1.sh
> #! /bin/bash
> script2.sh $1
There's your mistake. It should be
script2.sh "$1"
Otherwise $1 is evaluated and passed through as potentially multiple
parameters to script2.sh
For example:
$ cat x
#!/bin/sh
./y "$1"
$ cat y
#!/bin/sh
echo "$1"
$ ./x "hello\ there"
hello\ there
The problem isn't the shell doing bad things, it's you not understanding
how shell variable expansion is done when calling external commands.
--
rgds
Stephen
More information about the CentOS
mailing list