[pacman-dev] XferCommand substitutions and quoting
Xyne
xyne at archlinux.ca
Mon May 27 10:21:34 EDT 2013
Dave Reisner wrote:
>On May 25, 2013 1:02 PM, "Xyne" <xyne at archlinux.ca> wrote:
>>
>> Hi,
>>
>> The commented XferCommands in the default pacman.conf lack proper quoting.
>> Would you please add single quotes around the place holders "%u" and "%o"?
>
>I'd be opposed to this. The substitutions should be made to be shell safe
>(pre-quoted) so that the user doesn't need to worry about it.
I agree that the proper way to handle this is by shell-escaping the values
before calling the command, but I did not expect anyone to have any interest in
doing that. If someone wants to do that before the next release then that would
be great, but if not then the quotes would be better than nothing. Overall it
will ensure that more cases are correctly handled at the expense of a simple
edit.
Thanks.
More information about the pacman-dev
mailing list