David L Norris wrote:
> On Mon, 2006-10-16 at 18:35 -0700, Peter Karman wrote:
>>I think we might be over-thinking this. If the original issue that stringQuote()
>>was trying to address was simply that quotes in filenames cause problems, why
>>not just escape quotes, rather than trying to escape everything suspicious?
We should escape everything suspicious, because I was able to run a 'rm -rf'
with a file like this "mynicefilename.pdf;rm -rf /". The same applies to & |
, and more...
http://zaurus.palmopensource.com - The Zaurus Open Source Portal
http://www.drolez.com - Personal site - Linux and PalmOS stuff
Received on Mon Oct 16 23:33:55 2006