David Storrs wrote on 12/28/18 11:09 PM:
I am using 'system' to offload some work onto wget and other applications in a few one-off scripts. Is there an easy way to escape a string so it's suitable for usage in the shell? Things like backwhacking all the quotes and relevant spaces and such.
As you know (just to articulate it for the list), processing command lines through the host shell is a little scary, and an imperfection here can be a huge security hole, or otherwise cause failures.
We can try to do escaping/quoting, but there are so many potential special cases on different host systems.
Fortunately, there might be an alternative... If you're getting a command line from elsewhere, safer is to parse it yourself into process arguments in Racket, and pass those to something like `system*`, so that you know it's done correctly, and there's no shell-specific special characters or bugs or Unicode tricks or anything else.
There are cases in which you have a host shell command line that you can't parse it yourself (e.g., a process takes a command line as an argument, or you have to use a subshell command line). If you really have to do that, you could look at how I did it for a side project several years ago, but it isn't quite my current thinking: https://www.neilvandyke.org/racket/sudo/
(IIRC, I probably wrote that `sudo` module for a module possibly even more scary: https://www.neilvandyke.org/racket/parted/ )
-- You received this message because you are subscribed to the Google Groups "Racket Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to racket-users+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
