Possible alternative approach: if the path contains any suspicious
characters, create a temporary symlink with a safe name, and pass that
symlink to eval instead.
I'm not sure it's a _better_ approach, but maybe worth considering.
(I stole the idea from run-mailcap(1).)
* Axel Beckert <a...@debian.org>, 2023-02-19 05:47:
So I came up with the following fix which uses command instead of eval,
and bash pattern substitution to replace %s with the file name instead
letting printf inside an $() doing the substitution:
I fear that someone might be using -m or -o with shell constructs that
this change will break. Maybe it's a good tradeoff, but it should be
documented.
+ cmdarr=($@)
You should disable glob expansion here.
+ for i in ${!cmdarr[@]}; do
+ cmdarr[$i]="${cmdarr[$i]/\%s/$replacement}"
+ done
You should either replace all %s occurrences, or just the first one. The
above code sits oddly in the middle: it replaces the first occurrence in
every argument.
- eval $(printf "gzip -dc $PWD/$return | $othercmdline")
+ gzip -dc "$PWD/$return" | replace_percent_s_and_execute '-'
"$othercmdline"
Passing "-" instead of skipping the argument is another potential
incompatibility.
--
Jakub Wilk
