Koblinger Egmont wrote:
> > The Bash manual only mentions the $"..." facility, but I cannot recommend
> > using this facility, as it has a security hole by design.
>
> I was just planning to use this feature. Could you please tell something
> (e.g. a link) about this "security hole by design"?
See the GNU gettext-0.14.5 manual, section "bash - Bourne-Again Shell Script":
A translator could - voluntarily or inadvertantly - use backquotes
`"`...`"' or dollar-parentheses `"$(...)"' in her translations.
The enclosed strings would be executed as command lists by the
shell.
Bruno
--
Linux-UTF8: i18n of Linux on all levels
Archive: http://mail.nl.linux.org/linux-utf8/
