[Live-demo] shell script quoting for paths and file names
Hamish
hamish_b at yahoo.com
Thu Sep 2 16:11:56 PDT 2010
Hi,
as I edit the scripts I notice a lot of ${FILENAME}. fyi this
does not protect from spaces (or other chars) in path names. in
that context it is mostly useful to terminate the variable name,
e.g. as in "${FILENAME}_$DATE.txt", as "_" would otherwise
continue the variable name.
quote as "$FILENAME" instead to keep it as a single argument,
but don't quote * wildcards as that will make them literal chars.
this isn't really a bug for us as we build in a controlled
environment, but it is good practice and helps protect against
the shell equivalent of SQL-injection attacks (but more likely
self-inflicted bugs).
Hamish
(once burnt by `rm -rf ${TMP}*` when `tempfile` failed and $TMP
was empty)
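
The points in the message above, as an added example that is not part of the original post. All function names and sample values are constructed for illustration, and the cleanup guard is one possible way to avoid the empty-variable case from the postscript.

```shell
#!/bin/sh
# Added illustration; every name and value here is constructed.

count_args() { echo "$#"; }        # how many arguments survived expansion

FILENAME="my data file.txt"        # constructed: a name containing spaces
DATE="2010-09-02"                  # constructed

# Braces do not quote: the unquoted expansion is split on whitespace.
unquoted_count() { count_args ${FILENAME}; }
quoted_count()   { count_args "$FILENAME"; }

# Braces only mark where the variable name ends.
braced_name()   { echo "${FILENAME}_$DATE.txt"; }
unbraced_name() { echo "$FILENAME_$DATE.txt"; }   # expands the unset FILENAME_

# Quote the variable part, leave the wildcard outside the quotes.
glob_demo() {
    d=$(mktemp -d) || return 1
    : > "$d/a b.txt"
    : > "$d/c.txt"
    expanded=$(count_args "$d"/*.txt)             # glob matches both files
    # A quoted * is a literal character, so this names a file that is absent.
    [ -e "$d/*.txt" ] && literal=exists || literal=missing
    rm -rf -- "$d"
    echo "$expanded $literal"
}

# Cleanup that refuses to run when the prefix is empty, which is the case
# where a bare rm -rf ${TMP}* would expand to every entry in the current dir.
clean_tmp() {
    [ -n "$1" ] || { echo "refusing: empty temp prefix" >&2; return 1; }
    rm -rf -- "$1"*
}

echo "unquoted \${FILENAME}: $(unquoted_count) args"
echo "quoted \"\$FILENAME\":  $(quoted_count) arg"
echo "braced name:   $(braced_name)"
echo "unbraced name: $(unbraced_name)"
echo "glob demo:     $(glob_demo)"
```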