Proposal for


I think we could collect some wisdom of how to properly write shell scripts. This is my first draft:

Writing Portable and Secure Shell Scripts

1. Shell Quoting

Generally, enclose all variables and strings in double quotes. Pay attention to backticks, dollar signs and backslashes, as they are interpreted in double quotes.

One exception could be assignments a=$b, where no quoting is necessary. But for uniformity of the code I suggest we write a="$b" in this case, too.

In the assignment a=`command` I would prefer not to quote the command.

2. Quoting File Names

File names that start with a special character [^A-Za-z0-9_./] might be interpreted as command line option by shell commands. Therefore file names should be quoted using the mc_shellquote function:

# example: qfname=`mc_shellquote "$fname"`
mc_shellquote() {
  case "$1" in [A-Za-z0-9_./]*) echo "$1";; *) echo "./$1";; esac



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]