[Live-demo] shell script quoting for paths and file names

Brian Hamlin maplabs at light42.com
Thu Sep 2 16:49:46 PDT 2010

On Sep 2, 2010, at 4:11 PM, Hamish wrote:

> as I edit the scripts I notice a lot of ${FILENAME}. fyi this
> does not protect from spaces (or other chars) in path names. in
> that context it is mostly useful to terminate the variable name,
> e.g. as in "${FILENAME}_$DATE.txt", as "_" would otherwise
> continue the variable name.
> quote as "$FILENAME" instead to keep it as a single arguement,
> but don't quote * wildcards as that will make them literal chars.
> this isn't really a bug for us as we build in a controlled
> environment, but it is good practice and helps protect against
> the shell equivalent of SQL-injection attacks (but more likely
> self-inflicted bugs).
> Hamish
> (once burnt by `rm -rf ${TMP}*` when `tempfile` failed and $TMP
> was empty)

there's a case to be made to move away from BASH altogether!
or, as much as possible
I'd suggest python

   once again acknowledging Hamish's steadfast efforts

> _______________________________________________
> Live-demo mailing list
> Live-demo at lists.osgeo.org
> http://lists.osgeo.org/mailman/listinfo/live-demo
> http://wiki.osgeo.org/wiki/Live_GIS_Disc

More information about the Osgeolive mailing list