Quote fixes for urar.in

Roland Illig roland.illig at gmx.de
Sun Jan 9 17:10:02 UTC 2005


Oswald Buddenhagen wrote:
>>     test -z "$dir" && dir=.
>>-    if test -x $dir/unrar -a -f $dir/unrar; then
>>+    if test -x "$dir/unrar" -a -f "$dir/unrar"; then
> 
> just put the IFS reset below the loop (where it fits better anyway) and
> no quoting is necessary any more for (hopefully) obvious reasons.

Assuming that $dir does not contain any asterisk nor brackets not 
question marks, you may be right. Otherwise you are not.

>>-	UNRAR=$dir/unrar
>>+	UNRAR="$dir/unrar"
> 
> superfluous in any case.

But I like to tell the reader of the code that I'm doing string handling 
here. For simple assignments like a=$b, I would perhaps leave the quotes 
out, but for anything more complicated I need them to feel good.

>>-    dir=`mktemp -d ${MC_TMPDIR:-/tmp}/mctmpdir-urar.XXXXXX` || exit 1
>>-    cd $dir
>>+    dir=`mktemp -d "${MC_TMPDIR:-/tmp}/mctmpdir-urar.XXXXXX"` || exit 1
>>+    cd "$dir"
>>     mkdir -p "$2"  
>>
> 
> ever seen a temp dir with spaces? otoh, maybe you want mc to be the sort
> of only program that would cope with such a situation gracefully. :)

I would like to be able to run mc as root (e.g. after su(1)ing) without 
being frightened about improper quoting. Second, I do not want mc belong 
to the great number of programs whose authors don't consider security 
issues. That wouldn't be good for my reputation. ;)


-    if it works, it must be right
+    it only works if it is right

:)

Roland



More information about the mc-devel mailing list