[CentOS] bash - safely pass untrusted strings?

Tue Feb 26 15:30:12 UTC 2008
Bob Beers <bob.beers at gmail.com>

On Tue, Feb 26, 2008 at 10:11 AM, Benjamin Smith <lists at benjamindsmith.com>
wrote:

> In bash, given a string assignment as follows, how do I "add slashes"
> automagically, so that it can be safely passed to another program? Notice
> that the assignment contains spaces, single-quotes and double-quotes,
> maybe
> god-only-knows-what-else. It's untrusted data.
>
> Yet I need to pass it all *safely*.
>
> The appropriate function in PHP is addslashes(); but what is the bash
> equivalent? EG:
>


short answer:  single quotes will handle all characters, except single
quotes.

long answer:  man bash
 the section called QUOTING may help you figure a solution.



>
> #! /bin/sh
> A="This isn't a \"parameter\"";


> B=`/path/to/somecommand.sh $A`;
> exit 0;
>
>
> Thanks,
>
> -Ben
>

HTH,
-Bob
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.centos.org/pipermail/centos/attachments/20080226/b81aa880/attachment-0004.html>