[Gllug] PHP Guru's

Nix nix at esperi.org.uk
Mon Jul 19 22:39:06 UTC 2010


On 19 Jul 2010, salsaman at xs4all.nl outgrape:

> On Mon, July 19, 2010 16:56, Richard Jones wrote:
>> That's not what Tet was talking about.
>>
>> What happens to your code:
>>
>>     com=g_strdup_printf("/bin/rm -rf %s",dir);
>>     dummyvar=system(com);
>>
>> if the string dir contains a space, like dir = "/foo /"?
>>
>
> This is already checked for elsewhere in the code before calling this
> function. I suppose I should have mentioned this.

How do you know what characters the user's chosen /bin/sh happens to
use? Note that some platforms have historically used shells like zsh as
/bin/sh, and even in sh emulation mode, zsh has more metacharacters than
Solaris's ancient /bin/sh (which in its turn has a different set
than POSIX sh, due to POSIX sh adding more and Solaris /bin/sh being
buggier than a barrelful of woodlice).

system() with composed strings is Bad. Avoid avoid avoid. (In fact, more
generally, system() is Bad in and of itself, and
fork()/execvp()/waitpid() is easy enough that there's no excuse for
using system() ever.)
-- 
Gllug mailing list  -  Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug
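
The fork()/execvp()/waitpid() approach recommended above, as an added example that is not part of the original post or of the code under discussion. The function names and the temporary-directory demo are assumptions made for illustration; /bin/rm is the path used in the quoted snippet.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Run argv[0] with the given argument vector; no shell is involved.
 * Returns the child's exit status, or -1 if fork/wait failed or the
 * child was killed by a signal. */
static int run_argv(char *const argv[])
{
    int status;
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        execvp(argv[0], argv);
        _exit(127);                 /* exec failed; same convention as sh */
    }
    while (waitpid(pid, &status, 0) < 0)
        if (errno != EINTR)
            return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

/* dir is a single argv element, so spaces and shell metacharacters in it
 * are never parsed. "--" stops a dir starting with '-' being an option. */
int remove_tree(const char *dir)
{
    char *const argv[] = { "/bin/rm", "-rf", "--", (char *)dir, NULL };
    return run_argv(argv);
}

/* Constructed demo: a directory named "foo " (as in dir = "/foo /") next
 * to a sibling "foo" that word splitting by a shell would have hit. */
int demo_space_in_name(void)
{
    char base[] = "/tmp/rmdemoXXXXXX", victim[64], keep[64];
    int rc, ok;
    if (!mkdtemp(base)) return -1;
    snprintf(victim, sizeof victim, "%s/foo /", base);
    snprintf(keep, sizeof keep, "%s/foo", base);
    if (mkdir(victim, 0700) || mkdir(keep, 0700)) return -1;
    rc = remove_tree(victim);
    ok = rc == 0 && access(victim, F_OK) != 0 && access(keep, F_OK) == 0;
    remove_tree(base);              /* clean up the constructed tree */
    return ok ? 0 : 1;
}
```
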



