[Gllug] PHP Guru's
nix at esperi.org.uk
Mon Jul 19 22:39:06 UTC 2010
On 19 Jul 2010, salsaman at xs4all.nl outgrape:
> On Mon, July 19, 2010 16:56, Richard Jones wrote:
>> That's not what Tet was talking about.
>> What happens to your code:
>> com=g_strdup_printf("/bin/rm -rf %s",dir);
>> if the string dir contains a space, like dir = "/foo /"?
> This is already checked for elsewhere in the code before calling this
> function. I suppose I should have mentioned this.

How do you know what characters the user's chosen /bin/sh happens to
use? Note that some platforms have historically used shells like zsh as
/bin/sh, and even in sh emulation mode, zsh has more metacharacters than
Solaris's ancient /bin/sh (which in its turn has a different set
than POSIX sh, due to POSIX sh adding more and Solaris /bin/sh being
buggier than a barrelful of woodlice).

system() with composed strings is Bad. Avoid avoid avoid. (In fact, more
generally, system() is Bad in and of itself, and
fork()/execvp()/waitpid() is easy enough that there's no excuse for
using system() ever.)
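
An added example, not part of the original message or of the code under discussion: the fork()/execvp()/waitpid() pattern applied to the rm call from the thread, so the directory name travels as a single argv entry and no shell ever parses it. The names run_argv(), remove_tree() and demo(), and the scratch path under /tmp, are assumptions made for illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/wait.h>
#include <unistd.h>

/* Run argv[0] with exactly these arguments; no shell ever parses them.
   Returns the exit status, or -1 on fork/wait failure or death by signal. */
static int run_argv(char *const argv[])
{
    int status;
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        execvp(argv[0], argv);
        _exit(127);                 /* exec failed (sh uses 127 too) */
    }
    while (waitpid(pid, &status, 0) < 0)
        if (errno != EINTR)
            return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

/* remove_tree() is a hypothetical name, not from the thread's code base. */
static int remove_tree(const char *dir)
{
    /* "--" ends option parsing, so a dir starting with '-' stays a name. */
    char *const argv[] = { "rm", "-rf", "--", (char *)dir, NULL };
    return run_argv(argv);
}

/* Constructed demo: create <base>/foo and <base>/foo bar, remove only the
   latter. A shell would split "foo bar" into two words and delete <base>/foo.
   Returns 1 if "foo bar" is gone and "foo" survived, 0 otherwise. */
static int demo(void)
{
    char base[64], keep[80], victim[80];
    struct stat st;
    snprintf(base, sizeof base, "/tmp/noshell-%ld", (long)getpid());
    snprintf(keep, sizeof keep, "%s/foo", base);
    snprintf(victim, sizeof victim, "%s/foo bar", base);
    if (mkdir(base, 0700) || mkdir(keep, 0700) || mkdir(victim, 0700))
        return 0;
    int ok = remove_tree(victim) == 0 && stat(victim, &st) < 0 && stat(keep, &st) == 0;
    remove_tree(base);              /* clean up the scratch directory */
    return ok;
}
int main(void) { return demo() ? 0 : 1; }
```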