[Live-demo] shell script quoting for paths and file names

Brian Hamlin maplabs at light42.com
Thu Sep 2 19:49:46 EDT 2010


On Sep 2, 2010, at 4:11 PM, Hamish wrote:

> as I edit the scripts I notice a lot of ${FILENAME}. fyi this
> does not protect from spaces (or other chars) in path names. in
> that context it is mostly useful to terminate the variable name,
> e.g. as in "${FILENAME}_$DATE.txt", as "_" would otherwise
> continue the variable name.
>
> quote as "$FILENAME" instead to keep it as a single argument,
> but don't quote * wildcards as that will make them literal chars.
>
> this isn't really a bug for us as we build in a controlled
> environment, but it is good practice and helps protect against
> the shell equivalent of SQL-injection attacks (but more likely
> self-inflicted bugs).
>
>
> Hamish
> (once burnt by `rm -rf ${TMP}*` when `tempfile` failed and $TMP
> was empty)
>
>

there's a case to be made to move away from BASH altogether!
or, as much as possible
I'd suggest python


   once again acknowledging Hamish's steadfast efforts
     -Brian
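
The quoting points raised in this thread, as a runnable sketch (an added example, not code from the thread or from the Live-demo scripts). The FILENAME and DATE values, the scratch directory and the function names are constructed for illustration, and the `${1:?}` guard is one standard POSIX way to handle the empty-variable case, not something proposed in the thread.

```shell
#!/bin/sh
# Added example. All values below are constructed samples.

count_args() { echo "$#"; }

# 1. Braces delimit the variable name; they do not quote.
FILENAME="my map.txt"
DATE=20100902
unquoted_count() { count_args ${FILENAME}; }        # word-split on the space
quoted_count()   { count_args "$FILENAME"; }        # stays a single argument
braced_name()    { echo "${FILENAME}_$DATE.txt"; }  # braces stop "_" joining the name

# 2. What ${TMP}* matches when TMP is empty: every visible file in the
#    current directory. Counted in a scratch directory instead of deleted.
empty_tmp_matches() {
    (
        scratch=$(mktemp -d) || exit 1
        cd "$scratch" || exit 1
        : > keep1; : > keep2; : > "keep 3"
        TMP=""
        set -- ${TMP}*            # expands to a bare * glob
        echo "$#"
        cd / && rm -rf -- "$scratch"
    )
}

# 3. Guarded cleanup: quoted variable, unquoted wildcard, and ${1:?} aborts
#    the subshell before rm runs if the prefix is unset or empty.
safe_cleanup() {
    ( rm -rf -- "${1:?refusing to delete: empty prefix}"* ) 2>/dev/null
}

echo "unquoted: $(unquoted_count) args, quoted: $(quoted_count) arg," \
     "empty-TMP glob: $(empty_tmp_matches) files"
```
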

