I have to write some BASH scripts.
We have all heard about security problems with shell variables
(i.e. when entering a name someone enters something like "Tony; rm -rf /root/*")
so that if the BASH script echoes it, it will do something like echo Tony; rm -rf /root/*.
Now we have honest users here, but I still want to do some checks. If I read in or get a shell variable from a user
I could do something like

    echo "$VAR" | grep '[^a-zA-Z/_-]'
    if [ $? -eq 0 ]
    then
        echo "You have entered a bad character"
        exit 1
    fi

but that still runs into the problem like above with the echo. I also could do

    case "$VAR" in
        # match ; or : anywhere in the value, not only a value that is exactly ";" or ":"
        *\;*|*:*) echo "you have a bad character"
            ;;
    esac

but I am not sure that is best either. Is there any way to validate shell variables?
I know JavaScript, etc., has something like url_encode()
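
One way to do the check asked about above, as an added example that is not part of the original post: an allowlist test written with `case`, which needs no subprocess or `echo` and also rejects embedded newlines (a line-by-line `grep` test lets through a multi-line value whose lines are each clean). The function names `validate_name` and `check` and the sample inputs are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: allowlist validation of a user-supplied value.
# validate_name, check and the sample inputs are constructed for illustration.

# Return 0 only if $1 is non-empty, does not start with "-", and contains
# nothing but the characters from the post's class: letters, "/", "_", "-".
validate_name() {
    local LC_ALL=C   # make a-z / A-Z mean the ASCII ranges only
    case "$1" in
        '')             return 1 ;;  # empty input
        -*)             return 1 ;;  # would be taken as an option by most commands
        *[!a-zA-Z/_-]*) return 1 ;;  # any character outside the allowlist,
                                     # including spaces, ";" and newlines
    esac
    return 0
}

# Report the verdict. printf with a quoted argument prints the value as
# data; a quoted expansion is not re-parsed as shell code.
check() {
    if validate_name "$1"; then
        printf 'accepted: %s\n' "$1"
    else
        printf 'rejected: %s\n' "$1"
    fi
}

# Constructed sample inputs.
check 'Tony'
check 'Tony; rm -rf /root/*'
check '-rf'
check ''
```
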