[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Help-bash] make function local
From: |
Chet Ramey |
Subject: |
Re: [Help-bash] make function local |
Date: |
Mon, 13 Apr 2015 09:01:42 -0400 |
User-agent: |
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:31.0) Gecko/20100101 Thunderbird/31.6.0 |
On 4/13/15 8:33 AM, Greg Wooledge wrote:
> On Sat, Apr 11, 2015 at 01:27:53PM -0400, Chet Ramey wrote:
>> On 4/10/15 11:09 AM, Greg Wooledge wrote:
>>> - Fix the $"..." security hole (I tried and failed).
>>> http://www.gnu.org/software/gettext/manual/html_node/bash.html
>>
>> Yeah, I didn't like the all-or-nothing choice the patch implemented. If
>> command substitution is the problem, a better approach would have been to
>> inhibit command substitution instead of every word expansion. That's just
>> not easy to do at the point where locale transformation gets done -- it
>> requires processing the translated string to insert some kind of quoting.
>
> I'm skeptical about any substitutions being performed in a translated
> string. While I don't have real-life experience writing localized
> shell scripts, I would *think* the correct way to put variables in a
> translated string is:
>
> printf $"Hello, %s. Welcome to %s." "$LOGNAME" "$HOSTNAME"
Maybe, but your original post on the subject contained this sentence:
But people I've talked with said there were using
$"foo $bar" in practice, so this definitely affects them.
so the problem is real regardless of our skepticism.
>
> As the script writer, I would want some guarantee that the translated
> string won't undergo any substitutions at all (especially not command
> substitutions, but even something like $1 in the translation, expanded to
> whatever garbage is in the positional parameters, would make the output
> appear wrong).
Unless you want the substitution to take place.
--
``The lyf so short, the craft so long to lerne.'' - Chaucer
``Ars longa, vita brevis'' - Hippocrates
Chet Ramey, ITS, CWRU chet@case.edu http://cnswww.cns.cwru.edu/~chet/
- Re: [Help-bash] make function local, Peng Yu, 2015/04/09
- Re: [Help-bash] make function local, Chet Ramey, 2015/04/10
- Re: [Help-bash] make function local, Eduardo A . Bustamante López, 2015/04/12
- Re: [Help-bash] make function local, Chet Ramey, 2015/04/13
- Re: [Help-bash] make function local, Chet Ramey, 2015/04/16
- Bash performance when declaring variables (was: Re: [Help-bash] make function local), Eduardo A . Bustamante López, 2015/04/16
- Re: Bash performance when declaring variables, Chet Ramey, 2015/04/17
- Re: Bash performance when declaring variables, Eduardo A . Bustamante López, 2015/04/17
- Re: [Help-bash] make function local, Chet Ramey, 2015/04/16
- Re: [Help-bash] make function local, Dan Douglas, 2015/04/16
- Re: [Help-bash] make function local, Chet Ramey, 2015/04/16