On Mon, May 27, 2013 at 02:21:34PM +0000, Xyne wrote:
> Dave Reisner wrote:
>
> >On May 25, 2013 1:02 PM, "Xyne" <[email protected]> wrote:
> >>
> >> Hi,
> >>
> >> The commented XferCommands in the default pacman.conf lack proper quoting.
> >> Would you please add single quotes around the place holders "%u" and "%o"?
> >
> >I'd be opposed to this. The substitutions should be made to be shell safe
> >(pre-quoted) so that the user doesn't need to worry about it.
>
> I agree that the proper way to handle this is by shell-escaping the values
> before calling the command, but I did not expect anyone to have any interest
> in doing that. If someone wants to do that before the next release then that
> would be great, but if not then the quotes would be better than nothing.
> Overall it will ensure that more cases are correctly handled at the expense
> of a simple edit.
>
> Thanks.

The effort involved in this is a +2/-2 patch to quote the substitutions for %u and %o and we cover everything, versus a +2/-2 patch to quote the lines in pacman.conf, covering the defaults and assuming that users will get the hint.
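
The pre-quoting approach discussed in this thread, shown as an added example that is not part of the original messages and not pacman's own code: each value substituted for %u and %o is wrapped in single quotes, with embedded single quotes escaped, before it is placed into the command string. The names `shell_quote` and `expand_xfer`, the `fetch` template and the sample values are hypothetical and constructed for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Wrap s in single quotes for a POSIX shell; each embedded ' becomes '\''
 * (close the quote, emit an escaped quote, reopen). Caller frees. */
char *shell_quote(const char *s)
{
    size_t n = 2;                       /* the two surrounding quotes */
    for (const char *p = s; *p; p++)
        n += (*p == '\'') ? 4 : 1;
    char *out = malloc(n + 1), *q = out;
    if (!out) return NULL;
    *q++ = '\'';
    for (const char *p = s; *p; p++) {
        if (*p == '\'') { memcpy(q, "'\\''", 4); q += 4; }
        else *q++ = *p;
    }
    *q++ = '\''; *q = '\0';
    return out;
}

/* Hypothetical helper: expand %u and %o in tmpl with pre-quoted values.
 * Any other %x sequence is copied through unchanged. Caller frees. */
char *expand_xfer(const char *tmpl, const char *url, const char *outfile)
{
    char *qu = shell_quote(url), *qo = shell_quote(outfile), *out = NULL;
    if (qu && qo) {
        size_t lu = strlen(qu), lo = strlen(qo), big = lu > lo ? lu : lo;
        out = malloc(strlen(tmpl) * big + 1);   /* generous upper bound */
        char *q = out;
        for (const char *p = tmpl; out && *p; p++) {
            const char *sub = (p[0] != '%') ? NULL
                            : (p[1] == 'u') ? qu : (p[1] == 'o') ? qo : NULL;
            if (sub) { size_t l = strlen(sub); memcpy(q, sub, l); q += l; p++; }
            else *q++ = *p;
        }
        if (out) *q = '\0';
    }
    free(qu); free(qo);
    return out;
}

int main(void)
{
    /* Constructed template and values, not taken from pacman.conf. */
    char *cmd = expand_xfer("fetch %u -o %o", "http://host/a b;c", "/tmp/it's.part");
    if (cmd) puts(cmd);
    free(cmd);
    return 0;
}
```

With the values quoted at substitution time, a template that leaves %u and %o bare still yields a command in which spaces, semicolons and quotes in the URL or output path stay inside a single shell word.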
