Beefy Boxes and Bandwidth Generously Provided by pair Networks
Just another Perl shrine

Re: Re: system, pipes, shell, quoting

by vaevictus (Pilgrim)
on Nov 13, 2002 at 20:32 UTC ( #212681=note: print w/replies, xml ) Need Help??

in reply to Re: system, pipes, shell, quoting
in thread system, pipes, shell, quoting

++ for rinceWind, because you should *SERIOUSLY* read what Ovid says there. If I gave examples of what you want codewise, I'd basically be regurgitating Ovid's CGI course, except he also goes into great detail to explain the how's and why's and more importantly, the *why nots*.

Replies are listed 'Best First'.
Re: Re: Re: system, pipes, shell, quoting
by superpete (Beadle) on Nov 14, 2002 at 05:39 UTC
    ok I'll bite. I quickly read Ovid's tutorial. Anyhow, I made a solution that combines some of the suggestions in this discussion, and SAFELY uses the shell for truly arbitrary filenames.

    Let me know if you can break it, I actually think I got it right (famous last words)

    # each filename is wrapped in quotes # so we only need to escape characters which have # special meaning to the shell - when it interpolates # in double-quotes. there are only 4 such characters, # namely " ` $ and \ # interestingly, newline is NOT one of these... sub quote_for_shell { my ($x) = @_; $x =~ s/([\"\`\$\\])/\\$1/g; return "\"" . $x . "\""; } @command_line = ( quote_for_shell( $prog1 ), quote_for_shell( $file1 ), "|", quote_for_shell( $prog2 ), "-x -y", "|", quote_for_shell( $prog3 ), ">", quote_for_shell( $file3 ) ) system join " ", @command_line;

    I tested this successfully on a randomly generated directory tree full of randomly-generated filenames made up of chr(rand(128)) except "/" and "\0". Actually, $prog1, $file1, etc can have "/" in them because they might be pathnames.

Log In?

What's my password?
Create A New User
Domain Nodelet?
Node Status?
node history
Node Type: note [id://212681]
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others wandering the Monastery: (4)
As of 2022-01-24 08:06 GMT
Find Nodes?
    Voting Booth?
    In 2022, my preferred method to securely store passwords is:

    Results (64 votes). Check out past polls.