On Sat, 2007-03-31 at 00:32 +0200, J.B.C.Engelen@...1578... wrote:
I just fixed a bug: string parameters were not escaped causing problems when using " . Also $ bugs on linux, because it tries to replace $... with a defined variable; if there are other operating systems that need escaping of $ aswell, please add them to the #ifdef in /src/extension/parameter.cpp line 19. I only know Linux and Windows and cannot check for other operating systems. Maybe a make check something should be added for this! (i don't know how, sorry)
Sounds like something good to do, I'm curious if we shouldn't do it more generally in the script implementation though.
Kees, is there some way to validate a command line to make sure you're not causing any security holes by calling shell variables that you don't mean to? It seems like there should be something generic out there.
--Ted