[pacman-dev] [PATCH 2/2] makepkg: single quote re-evaluation of simple vars
Dave Reisner
d at falconindy.com
Thu Aug 18 15:46:50 EDT 2011
On Fri, Aug 19, 2011 at 05:47:48AM +1000, Allan McRae wrote:
> On 19/08/11 03:57, Dave Reisner wrote:
> >This is a safety measure to prevent simple code injection.
> >
> >$ i="foo bar"
> >$ eval i="$i"
> >bash: bar: command not found
> >$ eval i='$i'
> >$ echo "|$i|"
> >|foo bar|
> >
> >Signed-off-by: Dave Reisner<dreisner at archlinux.org>
>
>
> No signoff... with single quotes it does not actually do the
> variable substitutions which is the whole point.
>
> > _ver=1.8.2
> > i='${_ver/[a-z]/.${_ver//[0-9.]/}}'
> > echo $i
> ${_ver/[a-z]/.${_ver//[0-9.]/}}
>
> > eval i='$i'
> > echo $i
> ${_ver/[a-z]/.${_ver//[0-9.]/}}
>
>
> > eval i="$i"
> > echo $i
> 1.8.2
>
>
> So what is really needed is:
> eval i=\"$i\"
>
> Allan
>
>
>
I hate eval. I'll fix my patch.
d
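The three quoting forms compared in this thread, run side by side as an added example that is not part of the original messages or of makepkg. The `reeval_*` function names are hypothetical, `_ver` is taken from the thread, and the two sample values are constructed, with `${_ver%.*}` as a POSIX stand-in for the thread's pattern substitution.

```shell
# Added example: the three eval forms from the thread, each run in a subshell
# so that a failure or assignment cannot leak into the caller.
_ver=1.8.2

# eval i="$i": eval receives  i=<value>  with no quoting around the value,
# so whitespace turns the rest of the value into a command word.
reeval_unquoted() (
    i=$1
    eval i="$i" 2>/dev/null || { echo FAILED; exit 0; }
    printf '%s\n' "$i"
)

# eval i='$i': eval receives the literal text  i=$i  (a plain self-assignment),
# so nothing inside the value is expanded.
reeval_single() (
    i=$1
    eval i='$i'
    printf '%s\n' "$i"
)

# eval i=\"$i\": eval receives  i="<value>"  so the value is expanded once
# inside double quotes and whitespace survives. The value is still evaluated
# as shell text, so it has to come from a trusted source.
reeval_escaped() (
    i=$1
    eval i=\"$i\"
    printf '%s\n' "$i"
)

# Constructed sample values: one with whitespace, one with an expansion.
for v in 'foo no_such_cmd_example' '${_ver%.*}'; do
    printf '%-26s unquoted=[%s] single=[%s] escaped=[%s]\n' "$v" \
        "$(reeval_unquoted "$v")" "$(reeval_single "$v")" "$(reeval_escaped "$v")"
done
```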