Thanks for the quick reply!

On Thu, 16 Feb 2023 15:43:40 +0100
Tomas Kalibera <tomas.kalib...@gmail.com> wrote:

> Please see 83851 from earlier today which does a bit more of 
> robustification, and if you find any problem in it, please let me
> know.

83851 is an improvement, but it does let single quotes through,
unfortunately, leading to my (contrived) example of "/tmp/';echo;'". 

Given what you say about the temporary nature of the current fix,
adding the single quote to the list of special symbols should be a good
solution for now:

--- src/main/platform.c (revision 83851)
+++ src/main/platform.c (working copy)
@@ -1634,7 +1634,7 @@
        /* On Solaris the working directory must be outside this one */
        chdir(R_HomeDir());
 #endif
-       char *special = "\\`$\"\n";
+       char *special = "\\`$\"\n'";
        int hasspecial = 0;
        for(int i = 0; special[i] != '\0'; i++)
            if (strchr(Sys_TempDir, special[i])) {
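Review bot: the `special` literal on the changed line carries no comment explaining why each character is rejected, and the new `'` is easy to overlook at the end of the string, right after `\n`. A short comment above the declaration would help. It could say that the single quote is listed because Sys_TempDir is placed inside a single-quoted string, as the message explains, so a quote in the path would end the quoting. That would keep the entry from being dropped when this temporary check is reworked. Since the literal is only read through strchr in the loop below, declaring it `const char *special` would also be the safer form.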

At least I don't see a way out once you disallow single quotes in the
single-quoted string.

-- 
Best regards,
Ivan

______________________________________________
R-devel@r-project.org mailing list
https://stat.ethz.ch/mailman/listinfo/r-devel
