18 Aug
2011
18 Aug
'11
7:47 p.m.
On 19/08/11 03:57, Dave Reisner wrote:
This is a safety measure to prevent simple code injection.
$ i="foo bar" $ eval i="$i" bash: bar: command not found $ eval i='$i' $ echo "|$i|" |foo bar|
Signed-off-by: Dave Reisner<dreisner@archlinux.org>
No signoff... with single quotes it does not actually do the variable substitutions which is the whole point.
_ver=1.8.2 i='${_ver/[a-z]/.${_ver//[0-9.]/}}' echo $i ${_ver/[a-z]/.${_ver//[0-9.]/}}
eval i='$i' echo $i ${_ver/[a-z]/.${_ver//[0-9.]/}}
eval i="$i" echo $i 1.8.2
So what is really needed is: eval i=\"$i\" Allan