Is this exploitable?

2009-05-10 Thread Jon Seymour
I am trying to parse untrusted strings and represent them in a form that would be safe to execute. So assuming as-echo.sh is defined as below, for example:

    cmd="echo"
    for a in "$@"
    do
        cmd="$cmd '${a/\'/''}'"
    done
    echo "$cmd"
    eval "$cmd"

Then:

    as-echo.sh 'a' '$(foobar)' 'c'

would produce:

Re: [Feature Request]export extglob from environment

2009-05-10 Thread Jan Schampera
Hello Chet, hello Raph, I was involved in the discussion on IRC (Freenode / #bash) yesterday, maybe I can give one or the other comment. It took a while for us to find out why it happens. When we knew it, and after some discussion, we agreed that the easiest way would be to make Bash able to init