Jens Peter Secher wrote:
> 2009/9/17 Marek Grzybowski <[email protected]>:
>> Andrzej Lemieszek (in CC) found few more, and He escaped them, so use rcs
>> should be safe to:
>>
>> His patch:
>>
> [...]
>> + my $realfile_esc = &escape_shell_chars ($realfile);
> [...]
>> - `cp $realfile $compfile`;
>> + `cp $realfile_esc $compfile_esc`;
> [...]
>> +sub escape_shell_chars
>> +{
>> + my $arg = shift;
>> + $arg =~ s/[;<>\*\|`&\$!#\(\)\[\]\{\}:'"\s]/\\$&/g;
>> + return $arg;
>> +}
>
> This is not going work. When $realfile_esc is different from
> $realfile, then it makes no sense to copy the non-existent
> $realfile_esc. I will go for the solution of rejecting weird file
> names.
You right Jeans, it's no good enought witch "enters",
I also chcked ./bashline.c in bash sources:
/* characters that need to be quoted when appearing in filenames. */
rl_filename_quote_characters = " \t\n\\\"'@<>=;|&()#$`?*[!:{"; /*}*/
i do some tests, and come up witch this :
$ cat test.pl
#!/usr/bin/perl
use File::NCopy qw(copy);
# test file name
my $realfile="blablabla \t\n\\\"'@<>=;|&()#\$`?*[!:{";
my $realfile_esc = &escape_shell_chars ($realfile);
sub escape_shell_chars
{
my $arg = shift;
$arg =~ s/[']/\'\\$&'/g;
return "'".$arg."'";
}
print "$realfile\n";
print "$realfile_esc\n";
copy( "test.pl" , $realfile);
print `set -x cp test.pl $realfile_esc`
--
Pozdrawiam
Marek Grzybowski
--
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]
