[CentOS] Re: bash - safely pass untrusted strings?

Tue Feb 26 23:57:57 UTC 2008
Robert Nichols <rnicholsNOSPAM at comcast.net>

Benjamin Smith wrote:
> 
> It's obviously getting slipped on on the "-b". Tried again: 
> $ cat script3.sh
> #! /bin/bash
> for file in $*
>         do
>         ls -l -- "$file";
>         done
> $ /bin/bash ./script3.sh *
> -rw-r--r-- 1 bens nobody 5 2008-02-26 12:14 -b
> ls: cannot access Disney: No such file or directory
> ls: cannot access trip: No such file or directory
> ls: cannot access -a: No such file or directory
> ls: cannot access mother\'s: No such file or directory
> ls: cannot access journey.doc: No such file or directory
> -rwxr--r-- 1 bens nobody 103 2008-02-26 13:35 script1.sh
> -rwxr--r-- 1 bens nobody 26 2008-02-26 11:54 script2.sh
> -rw-r--r-- 1 bens nobody 57 2008-02-26 15:21 script3.sh
> -rw-r--r-- 1 bens nobody 55 2008-02-26 13:17 t
> 
> Still has bad errors, properly quoted, otherwise legal file names. Redefine 
> IFS? 

Still not properly quoted.  What you need in the "for ..." line is the
syntax that quotes each individual argument (so that embedded white space
doesn't get treated as argument delimiters) while still maintaining
"$1" "$2" "$3" etc. as separate arguments.  That's what "$@" does:

for file in "$@"
	do
	ls -l -- "$file"
	done

-- 
Bob Nichols     "NOSPAM" is really part of my email address.
                 Do NOT delete it.