bug-bash
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Help-bash] make function local


From: Chet Ramey
Subject: Re: [Help-bash] make function local
Date: Mon, 13 Apr 2015 09:01:42 -0400
User-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:31.0) Gecko/20100101 Thunderbird/31.6.0

On 4/13/15 8:33 AM, Greg Wooledge wrote:
> On Sat, Apr 11, 2015 at 01:27:53PM -0400, Chet Ramey wrote:
>> On 4/10/15 11:09 AM, Greg Wooledge wrote:
>>> - Fix the $"..." security hole (I tried and failed).
>>>   http://www.gnu.org/software/gettext/manual/html_node/bash.html
>>
>> Yeah, I didn't like the all-or-nothing choice the patch implemented.  If
>> command substitution is the problem, a better approach would have been to
>> inhibit command substitution instead of every word expansion.  That's just
>> not easy to do at the point where locale transformation gets done -- it
>> requires processing the translated string to insert some kind of quoting.
> 
> I'm skeptical about any substitutions being performed in a translated
> string.  While I don't have real-life experience writing localized
> shell scripts, I would *think* the correct way to put variables in a
> translated string is:
> 
> printf $"Hello, %s.  Welcome to %s." "$LOGNAME" "$HOSTNAME"

Maybe, but your original post on the subject contained this sentence:

But people I've talked with said there were using
$"foo $bar" in practice, so this definitely affects them.

so the problem is real regardless of our skepticism.

> 
> As the script writer, I would want some guarantee that the translated
> string won't undergo any substitutions at all (especially not command
> substitutions, but even something like $1 in the translation, expanded to
> whatever garbage is in the positional parameters, would make the output
> appear wrong). 

Unless you want the substitution to take place.


-- 
``The lyf so short, the craft so long to lerne.'' - Chaucer
                 ``Ars longa, vita brevis'' - Hippocrates
Chet Ramey, ITS, CWRU    address@hidden    http://cnswww.cns.cwru.edu/~chet/



reply via email to

[Prev in Thread] Current Thread [Next in Thread]