
[abcde] Re: Nasty shell evaluation
On Tue, Mar 26, 2002 at 11:58:46AM +0000, Colin Stephen wrote:
> Hi Robert,
> 
> I was encoding the following CD, and saw something alarming in the output.

Luckily this only affects inexact matches - I'd gotten the quoting right for
the other code paths. It can't cause code to be run AFAIK, it just allows
echo to expand unwanted things.

Here's the patch:
--- abcde	Sun Jan 27 21:44:02 2002
+++ abcde	Wed Mar 13 13:57:26 2002
@@ -686,7 +686,7 @@
 					read CDDBCHOICE
 					CDCHOICENUM=$(echo $CDDBCHOICE | xargs printf %d 2>/dev/null)
 				done
-				echo "Selected: #$CDCHOICENUM ($(grep ^DTITLE= $ABCDETEMPDIR/cddbread.$CDCHOICENUM | cut -f2- -d= | tr -d \\r\\n))" >&2
+				echo "Selected: #$CDCHOICENUM ($(grep ^DTITLE= "$ABCDETEMPDIR/cddbread.$CDCHOICENUM" | cut -f2- -d= | tr -d \\r\\n))" >&2
 				echo "cddb-choice=$CDCHOICENUM" >> "$ABCDETEMPDIR/status"
 			fi
 		fi
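Review bot: the quoting fix covers the path handed to grep but not the user-entered value two lines above it in the same hunk: `CDCHOICENUM=$(echo $CDDBCHOICE | xargs printf %d 2>/dev/null)` still leaves `$CDDBCHOICE` unquoted, so a choice containing `*` or `?` is glob-expanded by the shell (and word-split) before printf ever sees it, with the resulting error silenced by `2>/dev/null`. Writing `echo "$CDDBCHOICE"` there closes the same class of unwanted expansion this patch addresses; `$CDCHOICENUM` itself is safe in the filename since it is the numeric output of `printf %d`.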

I'll include this with the next release.
-- 
Robert Woodcock - rcw@debian.org
"Hiring assassins [...] is not something Americans are very good at."
	-- Henry Kissinger