[pacman-dev] Fwd: [PATCH] repo-add: fix eval and quote issues

8 Feb 2009

...
eval was ugly and dirty, and bit us here. Instead, use a safer form of
variable declaration to ensure quotes don't foil us in pkgdesc or any other
fields.
This fixes FS#10837.
Signed-off-by: Dan McGee <dan@archlinux.org>
---
We apparently had never handled quotes in descriptions correctly, so
Yes, I think I sent this to myself on accident. Looks like it is time
for another cup of coffee.

---------- Forwarded message ----------
From: Dan McGee <dan@archlinux.org>
Date: Sun, Feb 8, 2009 at 12:30 PM
Subject: Re: [PATCH] repo-add: fix eval and quote issues
To: Dan McGee <dan@archlinux.org>

On Sun, Feb 8, 2009 at 12:22 PM, Dan McGee <dan@archlinux.org> wrote:
this patch should fix these issues. I'm going to push this patch to
maint if there are no objections, although I expect our next release
will come from master.
...
scripts/repo-add.sh.in |   25 +++++++++++++------------
 1 files changed, 13 insertions(+), 12 deletions(-)

diff --git a/scripts/repo-add.sh.in b/scripts/repo-add.sh.in
index be0859e..93fdd52 100644
--- a/scripts/repo-add.sh.in
+++ b/scripts/repo-add.sh.in
@@ -152,18 +152,19 @@ db_write_entry()
# read info from the zipped package
       local line
I did make one small fix here- added var and val to the local declaration.
-       for line in $(bsdtar -xOf "$pkgfile" .PKGINFO | \
-               grep -v "^#" | sed 's|\(\w*\)\s*=\s*\(.*\)|\1="\2"|'); do
-               eval "$line"
-               case "$line" in
-                       group=*)    _groups="$_groups$group\n" ;;
-                       depend=*)   _depends="$_depends$depend\n" ;;
-                       backup=*)   _backups="$_backups$backup\n" ;;
-                       license=*)  _licenses="$_licenses$license\n" ;;
-                       replaces=*) _replaces="$_replaces$replaces\n" ;;
-                       provides=*) _provides="$_provides$provides\n" ;;
-                       conflict=*) _conflicts="$_conflicts$conflict\n" ;;
-                       optdepend=*) _optdepends="$_optdepends$optdepend\n" ;;
+       for line in $(bsdtar -xOf "$pkgfile" .PKGINFO | grep -v '^#'); do
+               var="$(echo $line | sed 's|\(\w*\)\s*=\s*\(.*\)|\1|')"
+               val="$(echo $line | sed 's|\(\w*\)\s*=\s*\(.*\)|\2|')"
+               declare $var="$val"
+               case "$var" in
+                       group)    _groups="$_groups$group\n" ;;
+                       depend)   _depends="$_depends$depend\n" ;;
+                       backup)   _backups="$_backups$backup\n" ;;
+                       license)  _licenses="$_licenses$license\n" ;;
+                       replaces) _replaces="$_replaces$replaces\n" ;;
+                       provides) _provides="$_provides$provides\n" ;;
+                       conflict) _conflicts="$_conflicts$conflict\n" ;;
+                       optdepend) _optdepends="$_optdepends$optdepend\n" ;;
               esac
       done
--
1.6.1.2

    