> Am 22.09.2016 um 15:23 schrieb Greg Wooledge <wool...@eeg.ccf.org>:
> On Wed, Sep 21, 2016 at 11:15:45PM -0400, mobatu...@yahoo.ca wrote:
>> In Summary:
>> declare -a "$string"       # results in execution of $string
>> declare -a a=($string)    # does not result in execution of $string
> This is why you don't use the first form.  It's the same with eval --
> if you don't have full control over the statement being eval'ed, then
> you risk undesired code execution.

Even without `eval` it's dangerous, i.e. specifying solely $ExecuteThisData on 
the command line.

-- Reuti

> Your second form also has some issues.  The contents of $string will
> undergo word splitting and then pathname expansion (globbing).  This could
> cause unexpected results if any of the words expands to a glob pattern
> which matches actual files.  If you want to split a string into an array,
> this is safer as long as the string does not contain any newlines:
> read -ra a <<< "$string"
> If the string contains newlines, then:
> read -rd '' -a a <<< "$string"
> Of course, this read command will always exit with status "1" because
> it never finds a NUL byte.  That's only a problem if you use set -e,
> which of course no sane person should be doing....

Reply via email to