Quote fixes for urar.in
Roland Illig
roland.illig at gmx.de
Sun Jan 9 17:10:02 UTC 2005
Oswald Buddenhagen wrote:
>> test -z "$dir" && dir=.
>>- if test -x $dir/unrar -a -f $dir/unrar; then
>>+ if test -x "$dir/unrar" -a -f "$dir/unrar"; then
>
> just put the IFS reset below the loop (where it fits better anyway) and
> no quoting is necessary any more for (hopefully) obvious reasons.
Assuming that $dir does not contain any asterisk nor brackets not
question marks, you may be right. Otherwise you are not.
>>- UNRAR=$dir/unrar
>>+ UNRAR="$dir/unrar"
>
> superfluous in any case.
But I like to tell the reader of the code that I'm doing string handling
here. For simple assignments like a=$b, I would perhaps leave the quotes
out, but for anything more complicated I need them to feel good.
>>- dir=`mktemp -d ${MC_TMPDIR:-/tmp}/mctmpdir-urar.XXXXXX` || exit 1
>>- cd $dir
>>+ dir=`mktemp -d "${MC_TMPDIR:-/tmp}/mctmpdir-urar.XXXXXX"` || exit 1
>>+ cd "$dir"
>> mkdir -p "$2"
>>
>
> ever seen a temp dir with spaces? otoh, maybe you want mc to be the sort
> of only program that would cope with such a situation gracefully. :)
I would like to be able to run mc as root (e.g. after su(1)ing) without
being frightened about improper quoting. Second, I do not want mc belong
to the great number of programs whose authors don't consider security
issues. That wouldn't be good for my reputation. ;)
- if it works, it must be right
+ it only works if it is right
:)
Roland
More information about the mc-devel
mailing list