On Thu, 6 Apr 2006 03:38:20 +1000 David Seikel <[EMAIL PROTECTED]> babbled:
> On Wed, 05 Apr 2006 12:24:37 -0400 Mike Russo <[EMAIL PROTECTED]> wrote: > > > Ecore_exe will try to avoid using "sh -c" to execute a program if it > > can. If the command line contains shell meta characters (defined as > > any combination of |&;<>$'\"'*?#) it will use the user's shell to > > execute the command, otherwise it will execute it directly. > > > > Unfortunately this causes a problem if the user's shell is csh/tcsh > > and the command line contains a ? character. I noticed this problem > > because dEvian's RSS face uses ecore_exe in order to launch a web > > browser with the URL as the command line argument, and if the URL > > contains a ? ecore_exe will try to use tcsh to execute it, and this > > will only work if the ? is escaped with a \. Not even including the > > command line between single quotes > > I've thought about this for a bit, and experimented with csh > (I've never used it before). > > ecore_exe has no idea what the intention of the person that built the > command line is. Do we escape all meta chars or not? If the meta > characters are actually in there as actual shell meta characters to be > passed to a shell, then we just broke something. Do we try to detect > what shell is in use to escape the meta characters properly? Too many > shells to deal with. no - the command-line provided SHOULD already be escaped. since its a single string - it is just illogical/impossible to expect otherwise as you cannot tell a space from being a command/parameter delimiter from being part of a command or parameter without escaping for starters. the solution might be to provide an escaper that lets you build a comamndline - maybe an ecore_exe_snprintf() that has a %E (thats used by printf - but you get the idea), OR maybe a simple char *cmd; cmd = ecore_exe_command_parameter_append(cmd, "firefox"); cmd = ecore_exe_command_parameter_append(cmd, "http://www.blah.com?f=10";); ecore_exe_run(cmd, NULL); free(cmd); etc. and whatever is passed in is escaped and appended (after a space) so that a shell would interpret it correctly (the first param is the command, everything after that is 1 argument at a time). that would be a nice helper, but it doesn't negate needing to escape it due to it being a single string. > I suspect that the best solution is to have the person constructing the > command line worry about escaping shell meta characters, as they know > what they want the command line to do. This makes it a dEvian problem. yup - all we can do is provide helpers. > On the other hand, I can see that allowing programs to ask ecore_exe > to use /bin/sh instead of whatever shell the user prefers to use would > be a good idea. Maybe even letting programs choose the shell to use, > and leave it up to them to detect if the shell exists. If the program > asks ecore_exe to use a shell that doesn't exist, then the same thing > will happen that would normally happen when trying to ecore_exe any > program that doesn't exist. the pipe stuff supports it with flags :) -- ------------- Codito, ergo sum - "I code, therefore I am" -------------- The Rasterman (Carsten Haitzler) [EMAIL PROTECTED] 裸好多 Tokyo, Japan (東京 日本) ------------------------------------------------------- This SF.Net email is sponsored by xPML, a groundbreaking scripting language that extends applications into web and mobile media. Attend the live webcast and join the prime developer group breaking into this new coding territory! http://sel.as-us.falkag.net/sel?cmd=lnk&kid=110944&bid=241720&dat=121642 _______________________________________________ enlightenment-devel mailing list enlightenment-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/enlightenment-devel
