[CentOS] bash - safely pass untrusted strings?

Tue Feb 26 22:33:30 UTC 2008
Les Mikesell <lesmikesell at gmail.com>

Benjamin Smith wrote:
> > Unless I'm terribly mistaken (again?), the only way I've been able to 
> see "loop thru a list of files" work reliably is with "find" using 
> the "-print0" option, in cahoots with xargs. 
> 
> Is there any other way? 

for $file in wildcard*
   do
     ls -l "$file"
   done

But this is the point where you should be asking what to do about quotes 
embedded in the filenames which won't hurt here because of the order of 
operations but would if you tried to collect the strings and use them in 
some other ways.

Does anyone have a quick reference to the order of operations as the 
shell parses a command line (variable parsing,i/o redirection, wildcard 
and variable expansion, splitting on IFS, quote removal, command 
substitution etc.)?  That's really the first thing you need to know 
about the shell and if there is a simple description it must be buried 
in the middle of some obscure manual.

-- 
  Les Mikesell
    lesmikesell at gmail.com