bug-bash

Re: eval a=b\ c


From: Linda Walsh
Subject: Re: eval a=b\ c
Date: Mon, 25 May 2015 19:56:24 -0700
User-agent: Thunderbird



Dennis Williamson wrote:
I'm trying to put a command in a variable, but the complex cases always fail! : http://mywiki.wooledge.org/BashFAQ/050

Eval command and security issues : http://mywiki.wooledge.org/BashFAQ/048

----
Dunno, but I see nothing on that page about using printf -v "%q" or using single quotes inside of doubles... in his first example:

# This code is evil and should never be used!
fifth() {
    _fifth_array=$1
    eval echo "\"The fifth element is \${$_fifth_array[4]}\""    # DANGER!
}
a=(zero one two three four five)
fifth a
---------------
Had been written:
fifth() {
    printf -v _fifth_array "%q" "$1"
    eval echo "'The fifth element is ${ echo "${_fifth_array[4]}" }'"
}
---
Then his arbitrary arg function throws an error:
fifth 'x}'; date;
-bash: 'The fifth element is ${ echo "${_fifth_array[4]}" }': bad substitution

----
However, if someone takes user input... it needs to be way sterilized --
i.e. if expecting a single char -- only accept a single char.
if expecting a number... ${i//[^0-9]/} :
i=948392480
Ishtar:law> echo ${i//[^0-9]/}
948392480
i=9'\010'3{92}480
echo ${i//[^0-9]/}
9010392480

--- But I think a difference between Greg's thinking and mine is that
I tend to write scripts to help me do things on my system.

If someone else wants to use my scripts -- and then use them to try to
break into their own system....um... *oh well*... ;-)
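
Added example, not part of the original message or of the FAQ it cites: an eval-free fifth() that validates the array name before using bash indirect expansion, next to the digit filter from the message. The names valid_name, digits_only and __fifth_ref are hypothetical, and the sample array is constructed.

```shell
#!/usr/bin/env bash
# Added example (not from the original post). Arrays and ${!ref} need bash,
# so re-exec under bash if this file was started by a plain POSIX sh.
[ -n "${BASH_VERSION:-}" ] || exec bash "$0" "$@"

# Hypothetical helper: accept only a plain shell identifier as an array name.
valid_name() {
    [[ $1 =~ ^[A-Za-z_][A-Za-z0-9_]*$ ]]
}

# eval-free fifth(): the caller's string is never parsed as shell code.
fifth() {
    if ! valid_name "$1"; then
        # %q shows the rejected argument with any odd characters escaped.
        printf 'fifth: invalid array name: %q\n' "$1" >&2
        return 2
    fi
    # Fixed subscript appended to a validated name. The local is given an
    # unlikely name so it does not shadow the caller's array.
    local __fifth_ref="$1[4]"
    printf 'The fifth element is %s\n' "${!__fifth_ref}"
}

# The digit filter from the message: strip everything that is not 0-9.
digits_only() {
    printf '%s\n' "${1//[^0-9]/}"
}

# Constructed sample data.
a=(zero one two three four five)

fifth a                          # valid name: element 4 is printed
fifth 'x}' || true               # rejected before any expansion happens
digits_only '9\0103{92}480'      # same value as in the message
```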






