On Fri, Dec 06, 2019 at 12:06:10PM -0500, songbird wrote:
> #this doesn't work...
> old_summary=`echo "Previous glitches and inconsistencies were due to a
> missing / at the end of the baseurl... ,.#*$+%*$&#+(*={_})"`
> result=`echo "summary: \"\"" | sed -e "s/^summary: .*$/summary:
> \"${old_summary}\"/"`
Code injection.
> my question is about why i need to pre-process the summary to escape the
> slash? i use other characters in the summaries without issues just that
> slash causes problems... ?????
Ideally, you'd just stop trying to use sed with user-supplied variables
injected into the code. Sed was never built to be safe for that kind of
work.
There are some alternatives at <https://mywiki.wooledge.org/BashFAQ/021>
including one using perl which handles arbitrary user-supplied search
and replace variables safely.
