test-parse-duration.sh has a security flaw: If TMPDIR is set to a filename containing spaces, the test will erase an unrelated directory with 'rm -rf' !!!
I'm fixing it like this. Proper double-quote quoting everywhere. (Yes, Ralf, I know the double-quoting is not needed in 1 of the 5 places. But it's easier for people to learn it by putting the double-quotes systematically.) 2008-12-16 Bruno Haible <[email protected]> * tests/test-parse-duration.sh: Fix quoting of $tmp and $tmpf expressions. --- tests/test-parse-duration.sh.orig 2008-12-16 12:31:45.000000000 +0100 +++ tests/test-parse-duration.sh 2008-12-16 12:28:31.000000000 +0100 @@ -46,10 +46,10 @@ } func_tmpdir -trap "rm -rf ${tmp}" EXIT -tmpf=${tmp}/tests.txt +trap 'rm -rf "${tmp}"' EXIT +tmpf="${tmp}/tests.txt" -cat > ${tmpf} <<- _EOF_ +cat > "${tmpf}" <<- _EOF_ 1 Y 2 M 3 W 4 d 5 h 6 m 7 s P 00010225 T 05:06:07 P 1Y2M3W4D T 5H6M7S @@ -59,9 +59,9 @@ P 1-2-25 T 5:6:7 _EOF_ -ls -l $tmpf +ls -l "${tmpf}" -exec 3< ${tmpf} +exec 3< "${tmpf}" while read -u3 line do v=`${exe} "${line}"` || die "Failed: ${exe} '${line}'"
