On 10/05/10 13:49, Martijn Koster wrote:
You're much better off avoiding these problems: don't invoke shell commands with filenames or other unsafe input. For example:
$ find . -mindepth 1 -type d -print0 | xargs -0 -n 1 echo
./single'quote
./|bardir
What happens here is that your filename is written to stdout (terminated with a null character), read by xargs in the same way, and then passed as an argument to echo during an exec system call; it never gets near a shell.
Ah, that would be what I was after. In fact I already knew the answer had I dug deep enough into the old brain memory!
"sort", "uniq" and "grep" all support null character delimited input/output so I guess that the script you gave me to start with could be reworked to avoid problems, although I haven't tested it.
And if you find yourself doing non-trivial logic (like in your example), use a scripting language where you just pass the string around different parts of the program in a variable, and eventually to some system call. Mind you, scripting languages have their own string meta characters and interpolation behaviour with associated quoting/escaping mechanisms, so you still need to be careful.
That did cross my mind; at least it would mean picking an environment with which I'm more familiar so I'd see the pitfalls earlier and know how to solve them. But on the other hand, I prefer the bash option as it's something I *should* know much better than I do.
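
The NUL-delimited handling discussed in this thread (find -print0, sort -z, uniq -z, grep -z, xargs -0), as an added example that is not part of the original messages. The directory names, the function names and the temporary tree are constructed for illustration, and GNU versions of the tools are assumed.

```shell
#!/bin/sh
# Added example: needs GNU find, sort, uniq, grep and xargs for the NUL options.

# Build a constructed tree whose directory names contain shell metacharacters.
make_tree() {
    root=$(mktemp -d) || return 1
    nl='
'
    mkdir -- "$root/single'quote" "$root/|bardir" "$root/with space" \
             "$root/semi;colon" "$root/new${nl}line"
    printf '%s\n' "$root"
}

# Count NUL-terminated records on stdin.
count_nul() { tr -cd '\0' | wc -c | tr -d ' '; }

# Newline-delimited: the name containing a newline is counted as two records.
count_dirs_newline() {
    find "$1" -mindepth 1 -type d -print | sort | uniq | wc -l | tr -d ' '
}

# NUL-delimited end to end: one record per directory, whatever the name holds.
count_dirs_nul() {
    find "$1" -mindepth 1 -type d -print0 | sort -z | uniq -z | count_nul
}

# grep -z filters whole NUL-terminated names; here, names with a quote or a pipe.
count_quote_or_pipe() {
    find "$1" -mindepth 1 -type d -print0 | grep -z -e "[|']" | count_nul
}

# xargs -0 passes each name to rmdir as one argv entry via exec; no shell parses it.
# Prints how many directories are left afterwards.
remove_dirs() {
    find "$1" -mindepth 1 -type d -print0 | xargs -0 rmdir --
    count_dirs_nul "$1"
}

tree=$(make_tree)
echo "newline-delimited count: $(count_dirs_newline "$tree")"
echo "NUL-delimited count:     $(count_dirs_nul "$tree")"
echo "quote or pipe in name:   $(count_quote_or_pipe "$tree")"
echo "left after rmdir:        $(remove_dirs "$tree")"
rm -rf -- "$tree"
```

The newline-delimited count comes out one higher than the number of directories because the name containing a newline is split in two; the NUL-delimited pipeline keeps it as a single record.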