[Live-demo] shell script quoting for paths and file names

Hamish hamish_b at yahoo.com
Thu Sep 2 16:11:56 PDT 2010


as I edit the scripts I notice a lot of ${FILENAME}. fyi this
does not protect from spaces (or other chars) in path names. in
that context it is mostly useful to terminate the variable name,
e.g. as in "${FILENAME}_$DATE.txt", as "_" would otherwise
continue the variable name.

quote as "$FILENAME" instead to keep it as a single arguement,
but don't quote * wildcards as that will make them literal chars.

this isn't really a bug for us as we build in a controlled
environment, but it is good practice and helps protect against
the shell equivalent of SQL-injection attacks (but more likely
self-inflicted bugs).

(once burnt by `rm -rf ${TMP}*` when `tempfile` failed and $TMP
was empty)


More information about the Osgeolive mailing list