http://www.perlmonks.org?node_id=11113741


in reply to Re^2: system() call mis-directs?
in thread system() call mis-directs?

ShellQuote::Any

The code currently looks like this:

package ShellQuote::Any; use strict; use warnings; our $VERSION = '0.04'; sub import { my $caller = caller; no strict 'refs'; ## no critic *{"${caller}::shell_quote"} = \&shell_quote; } sub shell_quote { my ($cmd, $os) = @_; if ($os) { _require($os); return _is_win32($os) ? _win32_quote($cmd) : _bourne_quote($cm +d); } else { _q()->($cmd); } } my $Q; sub _q { return $Q if $Q; _require($^O); if ( _is_win32($^O) ) { $Q = \&_win32_quote; } else { $Q = \&_bourne_quote; } return $Q; } my %K; sub _require { my ($os) = @_; return $K{$os} if $K{$os}; my $klass = _is_win32($os) ? 'Win32/ShellQuote.pm' : 'String/Shell +Quote.pm'; $K{$os} = $klass; require "$klass"; ## no critic } sub _win32_quote { my ($cmd) = @_; Win32::ShellQuote::cmd_escape(join ' ', @$cmd); } sub _bourne_quote { my ($cmd) = @_; String::ShellQuote::shell_quote(@$cmd); } sub _is_win32 { my ($os) = @_; return $os =~ m!^(?:MS)?Win(?:32)?$!i ? 1 : 0; } 1;

Just from looking at the names of the functions, it has only two modes of operation: Either Windows, or Bourne Shell. No code for handling cygwin, OS/2 or DOS, so those three will be treated as Bourne Shell, which is plain wrong.

On Windows, you simply can not win the quoting game. Any code pretending to be able to do so is broken.

Assuming that all other systems use a bourne-compatible shell as default shell is at least optimistic. Severals systems have a korn shell as default, others even use a csh. See Various system shells.

Looking at the documentation of String::ShellQuote, handling the non-Windows part, the problem is obvious without even reading the source:

BUGS

Only Bourne shell quoting is supported. I'd like to add other shells (particularly cmd.exe), but I'm not familiar with them. It would be a big help if somebody supplied the details.

It seems nobody cared during the last 10 years, and the author either had no time to RTFM, or had no idea where to search for shell man pages.

So, with ShellQuote::Any, you are essentially lost if the current default shell is no bourne shell. I did not bother to read the quoting code in String::ShellQuote. As is, it is broken anyway, and with it ShellQuote::Any. Yes, it may work on many systems in their default configuration, but it won't do its job on all systems. It does not even prevent stupid things from happening on unknown systems.

Alexander

--
Today I will gladly share my knowledge and experience, for there are no sweeter words than "I told you so". ;-)