On Mon, May 27, 2013 at 02:21:34PM +0000, Xyne wrote:
> Dave Reisner wrote:
>> On May 25, 2013 1:02 PM, "Xyne" <xyne@archlinux.ca> wrote:
>>> Hi,
>>>
>>> The commented XferCommands in the default pacman.conf lack proper quoting. Would you please add single quotes around the placeholders "%u" and "%o"?
>>
>> I'd be opposed to this. The substitutions should be made to be shell safe (pre-quoted) so that the user doesn't need to worry about it.
>
> I agree that the proper way to handle this is by shell-escaping the values before calling the command, but I did not expect anyone to have any interest in doing that. If someone wants to do that before the next release then that would be great, but if not then the quotes would be better than nothing. Overall it will ensure that more cases are correctly handled at the expense of a simple edit.
>
> Thanks.

The effort involved in this is a +2/-2 patch to quote the substitutions for %u and %o and we cover everything, versus a +2/-2 patch to quote the lines in pacman.conf, covering the defaults and assuming that users will get the hint.
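
The pre-quoting approach discussed in this thread, sketched as an added example that is not part of the thread and is not pacman's code: each value is wrapped in single quotes before it replaces %u or %o, so the configured command needs no quotes of its own. The names `shell_quote` and `expand_xfer`, the template and the sample values are hypothetical, and the result is assumed to be handed to a POSIX shell.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Single-quote s for POSIX sh; an embedded ' becomes '\''. Caller frees. */
char *shell_quote(const char *s)
{
    size_t n = 3;                      /* two quotes + NUL */
    for (const char *p = s; *p; p++)
        n += (*p == '\'') ? 4 : 1;
    char *out = malloc(n), *w = out;
    if (!out) return NULL;
    *w++ = '\'';
    for (const char *p = s; *p; p++) {
        if (*p == '\'') { memcpy(w, "'\\''", 4); w += 4; }
        else *w++ = *p;
    }
    *w++ = '\''; *w = '\0';
    return out;
}

/* Expand %u and %o in tmpl with pre-quoted values, in one pass so that a
 * "%o" occurring inside the URL is not expanded again. Caller frees. */
char *expand_xfer(const char *tmpl, const char *url, const char *outfile)
{
    char *qu = shell_quote(url), *qo = shell_quote(outfile), *cmd = NULL, *w;
    if (qu && qo) {
        size_t cap = strlen(tmpl) + 1;
        for (const char *p = tmpl; (p = strchr(p, '%')); p++)
            cap += (p[1] == 'u') ? strlen(qu) : (p[1] == 'o') ? strlen(qo) : 0;
        w = cmd = malloc(cap);
        for (const char *p = tmpl; cmd && *p; p++) {
            const char *v = (*p != '%') ? NULL : (p[1] == 'u') ? qu : (p[1] == 'o') ? qo : NULL;
            if (v) { size_t l = strlen(v); memcpy(w, v, l); w += l; p++; }
            else *w++ = *p;
        }
        if (cmd) *w = '\0';
    }
    free(qu); free(qo);
    return cmd;
}

int main(void)
{
    /* Constructed template and values, not taken from pacman.conf. */
    char *c = expand_xfer("/usr/bin/curl -C - -f %u > %o", "http://mirror.example/a b.pkg", "/tmp/it's.part");
    if (c) puts(c);
    free(c);
}
```

With values quoted this way, a user who also wraps %u or %o in quotes in the configuration would get doubled quoting, so the two fixes weighed in the thread are alternatives rather than complements.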