> Am 22.09.2016 um 15:23 schrieb Greg Wooledge <wool...@eeg.ccf.org>: > > On Wed, Sep 21, 2016 at 11:15:45PM -0400, mobatu...@yahoo.ca wrote: >> In Summary: >> >> declare -a "$string" # results in execution of $string >> declare -a a=($string) # does not result in execution of $string > > This is why you don't use the first form. It's the same with eval -- > if you don't have full control over the statement being eval'ed, then > you risk undesired code execution.
Even without `eval` it's dangerous, i.e. specifying solely $ExecuteThisData on the command line. -- Reuti > Your second form also has some issues. The contents of $string will > undergo word splitting and then pathname expansion (globbing). This could > cause unexpected results if any of the words expands to a glob pattern > which matches actual files. If you want to split a string into an array, > this is safer as long as the string does not contain any newlines: > > read -ra a <<< "$string" > > If the string contains newlines, then: > > read -rd '' -a a <<< "$string" > > Of course, this read command will always exit with status "1" because > it never finds a NUL byte. That's only a problem if you use set -e, > which of course no sane person should be doing.... >
