On Fri, Aug 19, 2011 at 05:47:48AM +1000, Allan McRae wrote: > On 19/08/11 03:57, Dave Reisner wrote: > >This is a safety measure to prevent simple code injection. > > > >$ i="foo bar" > >$ eval i="$i" > >bash: bar: command not found > >$ eval i='$i' > >$ echo "|$i|" > >|foo bar| > > > >Signed-off-by: Dave Reisner<[email protected]> > > > No signoff... with single quotes it does not actually do the > variable substitutions which is the whole point. > > > _ver=1.8.2 > > i='${_ver/[a-z]/.${_ver//[0-9.]/}}' > > echo $i > ${_ver/[a-z]/.${_ver//[0-9.]/}} > > > eval i='$i' > > echo $i > ${_ver/[a-z]/.${_ver//[0-9.]/}} > > > > eval i="$i" > > echo $i > 1.8.2 > > > So what is really needed is: > eval i=\"$i\" > > Allan > > >
I hate eval. I'll fix my patch. d
