Re: Quote fixes for urar.in



Oswald Buddenhagen wrote:
    test -z "$dir" && dir=.
-    if test -x $dir/unrar -a -f $dir/unrar; then
+    if test -x "$dir/unrar" -a -f "$dir/unrar"; then
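
Review bot: On the new `if test -x "$dir/unrar" -a -f "$dir/unrar"` line, the `-a` operator inside a single `test` call is marked obsolescent by POSIX and is ambiguous when an operand looks like an operator. Now that both operands are quoted, splitting the check into `test -x "$dir/unrar" && test -f "$dir/unrar"` would make it unambiguous for any value of `$dir`.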

just put the IFS reset below the loop (where it fits better anyway) and
no quoting is necessary any more for (hopefully) obvious reasons.

Assuming that $dir does not contain any asterisk nor brackets nor question marks, you may be right. Otherwise you are not.

-	UNRAR=$dir/unrar
+	UNRAR="$dir/unrar"
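
Review bot: The quoting added on the `UNRAR=` line only helps if every later expansion is also written `"$UNRAR"`. The right-hand side of an assignment is not field-split or glob-expanded, so the risk sits at the places where the variable is used, which this hunk does not show and which should be checked in the same patch.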

superfluous in any case.

But I like to tell the reader of the code that I'm doing string handling here. For simple assignments like a=$b, I would perhaps leave the quotes out, but for anything more complicated I need them to feel good.

-    dir=`mktemp -d ${MC_TMPDIR:-/tmp}/mctmpdir-urar.XXXXXX` || exit 1
-    cd $dir
+    dir=`mktemp -d "${MC_TMPDIR:-/tmp}/mctmpdir-urar.XXXXXX"` || exit 1
+    cd "$dir"
mkdir -p "$2"
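
Review bot: `cd "$dir"` has no failure check, so if the change of directory fails, the following `mkdir -p "$2"` runs in whatever directory the script was started from. Add `|| exit 1` as on the `mktemp` line above it. While that line is being touched, `$(...)` instead of backticks would make the nested double quotes easier to read.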

ever seen a temp dir with spaces? otoh, maybe you want mc to be the sort
of only program that would cope with such a situation gracefully. :)

I would like to be able to run mc as root (e.g. after su(1)ing) without being frightened about improper quoting. Second, I do not want mc to belong to the great number of programs whose authors don't consider security issues. That wouldn't be good for my reputation. ;)


-    if it works, it must be right
+    it only works if it is right

:)

Roland
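
The point about asterisks, brackets and question marks, as an added example that is not part of the original message or of urar.in: it counts how many words an unquoted `$dir/unrar` becomes. It assumes the loop runs with `IFS=:` (the loop itself is not shown in the thread); the sandbox layout and the function names are constructed for the demonstration.

```shell
#!/bin/sh
# Added illustration; sandbox layout and function names are constructed.

# Print how many arguments were received.
count_args() { echo "$#"; }

# Create a scratch tree: three directories, each containing a file "unrar".
make_sandbox() {
    sb=$(mktemp -d "${TMPDIR:-/tmp}/quote-demo.XXXXXX") || return 1
    mkdir "$sb/one" "$sb/two" "$sb/with space" || return 1
    : > "$sb/one/unrar"
    : > "$sb/two/unrar"
    : > "$sb/with space/unrar"
    printf '%s\n' "$sb"
}

# Words produced by an unquoted $dir/unrar. $1 = IFS to use, $2 = dir.
# The function body is a subshell, so the IFS change does not leak out.
words_unquoted() (
    IFS=$1
    dir=$2
    count_args $dir/unrar
)

# Words produced by the quoted form used in the patch.
words_quoted() (
    IFS=$1
    dir=$2
    count_args "$dir/unrar"
)

# Demo run: a space splits only while IFS contains a space, but a "*"
# is still expanded with IFS=':' unless the expansion is quoted.
sb=$(make_sandbox) || exit 1
echo "IFS=' ', space in name: $(words_unquoted ' ' "$sb/with space")"
echo "IFS=':', space in name: $(words_unquoted : "$sb/with space")"
echo "IFS=':', '*' in name:   $(words_unquoted : "$sb/*")"
echo "quoted,  '*' in name:   $(words_quoted : "$sb/*")"
rm -rf "$sb"
```

Changing IFS removes field splitting on spaces but leaves pathname expansion active, so only the quoted form keeps `$dir/unrar` as a single argument for every directory name.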


