On Wed, Oct 03, 2007 at 06:01:59PM +0000, tony.chamberlain@xxxxxxxxx wrote: > > > I guess I was asking in general how you can be sure your variables are safe. > Maybe it is more complicated than that? I really have just heard warnings from > everyone, so I was taking pre-emptive measures. > > I tried a few things myself too and also could not get that problem. > > I tried making a file called test and doing things like > > K="$1" > echo $K > > > and then calling > > test "hello\";date" > > a nd > FIL="$1" > ls $FIL > > but that seemed to be OK > test "hello /etc/* bye" Is one instance where the expansion is performed (with ls & echo). That will cause problems with things like rm, etc. -- lfr 0/0
Attachment:
pgprZct66eisW.pgp
Description: PGP signature
