8 Ocak 2021 Cuma tarihinde Chet Ramey <[email protected]> yazdı:
> On 1/8/21 5:20 AM, Oğuz wrote:
>
>> See:
>>
>> $ declare -A assoc=($'\n\'' 42)
>> $ for key in "${!assoc[@]}"; do (( assoc[$key]++ )); done
>> bash: ((: assoc[
>> ']++ : bad array subscript (error token is "assoc[
>> ']++ ")
>> $
>> $ (( assoc[${key@Q}]++ ))
>> bash: ((: assoc[$'\n\'']++ : bad array subscript (error token is
>> "assoc[$'\n\'']++ ")
>>
>
> This situation is why bash-5.0 introduced the `assoc_expand_once' option.
But it allows arbitrary command injection.
$ declare -A assoc
$ key='x],b[$(uname >&2)'
$ shopt -s assoc_expand_once
$ (( assoc[$key]++ ))
Linux
> --
> ``The lyf so short, the craft so long to lerne.'' - Chaucer
> ``Ars longa, vita brevis'' - Hippocrates
> Chet Ramey, UTech, CWRU [email protected] http://tiswww.cwru.edu/~chet/
>
--
Oğuz
