View the Most Wanted LQ Wiki articles.
Go Back > Forums > Non-*NIX Forums > Programming
User Name
Programming This forum is for all programming questions.
The question does not have to be directly related to Linux and any language is fair game.


  Search this Thread
Old 03-04-2005, 10:50 AM   #1
Senior Member
Registered: Dec 2003
Location: Trondheim, Norway
Distribution: Debian and Ubuntu
Posts: 1,195

Rep: Reputation: 265Reputation: 265Reputation: 265
safe script parameters

Hi all.

I don't know if this is really a programming question, it's more about how to do parameter handling safely in scripts.

I have a script that takes one parameter that's supposed to be a filename, e.g.:

echo $1 >logs/processed-files.log
tar -rf tarfiles/stuff.tar $1

This failes when there is a space in a filename. So a dirty fix is to use "$1" instead. But what about e.g.
./ "\" ; rm * ; \""

PHP has a function called EscapeShellArg for this, so I guess it's a common problem.

What's the proper Unix way of doing this? Some sed magic?

Best regards,
Old 03-04-2005, 12:19 PM   #2
Senior Member
Registered: Mar 2004
Distribution: Slackware
Posts: 4,617

Rep: Reputation: 137Reputation: 137
You're more or less protected with system permissions.

As I can see, it is not a security problem here, as if the user who run your program
has the right to do this, he has also the right to run it directly in the shell.

If you want to run it as CGI, you have to conform with CGI standards and add
a security checking for the program parameter but as the script is run by apache
user and if apache is correctly configured (and permissions for Document Root too)
the risks are minimal


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
Passing parameters to a shell script neocookie Linux - General 5 10-20-2005 11:44 AM
Passing parameters to bash script Kamikazee Programming 4 10-01-2005 06:41 AM
passing parameters to functions in shell script kushalkoolwal Programming 1 09-28-2005 02:40 PM
Passing Parameters to Bash Script mooreted Linux - Software 3 04-05-2004 09:08 PM
passing java parameters to a unix script nephilim Programming 25 10-22-2003 10:51 AM

All times are GMT -5. The time now is 02:12 AM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration