Re: Quote fixes for

Oswald Buddenhagen wrote:
    test -z "$dir" && dir=.
-    if test -x $dir/unrar -a -f $dir/unrar; then
+    if test -x "$dir/unrar" -a -f "$dir/unrar"; then

just put the IFS reset below the loop (where it fits better anyway) and
no quoting is necessary any more for (hopefully) obvious reasons.

Assuming that $dir does not contain any asterisk nor brackets not question marks, you may be right. Otherwise you are not.

-	UNRAR=$dir/unrar
+	UNRAR="$dir/unrar"

superfluous in any case.

But I like to tell the reader of the code that I'm doing string handling here. For simple assignments like a=$b, I would perhaps leave the quotes out, but for anything more complicated I need them to feel good.

-    dir=`mktemp -d ${MC_TMPDIR:-/tmp}/mctmpdir-urar.XXXXXX` || exit 1
-    cd $dir
+    dir=`mktemp -d "${MC_TMPDIR:-/tmp}/mctmpdir-urar.XXXXXX"` || exit 1
+    cd "$dir"
mkdir -p "$2"

ever seen a temp dir with spaces? otoh, maybe you want mc to be the sort
of only program that would cope with such a situation gracefully. :)

I would like to be able to run mc as root (e.g. after su(1)ing) without being frightened about improper quoting. Second, I do not want mc belong to the great number of programs whose authors don't consider security issues. That wouldn't be good for my reputation. ;)

-    if it works, it must be right
+    it only works if it is right



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]