texlive[58347] Build/source/texk/xdvik: escape all shell

commits+karl at tug.org commits+karl at tug.org
Sun Mar 14 23:19:56 CET 2021


Revision: 58347
          http://tug.org/svn/texlive?view=revision&revision=58347
Author:   karl
Date:     2021-03-14 23:19:56 +0100 (Sun, 14 Mar 2021)
Log Message:
-----------
escape all shell metacharacters and whitespace

Modified Paths:
--------------
    trunk/Build/source/texk/xdvik/ChangeLog
    trunk/Build/source/texk/xdvik/string-utils.c

Modified: trunk/Build/source/texk/xdvik/ChangeLog
===================================================================
--- trunk/Build/source/texk/xdvik/ChangeLog	2021-03-14 12:03:08 UTC (rev 58346)
+++ trunk/Build/source/texk/xdvik/ChangeLog	2021-03-14 22:19:56 UTC (rev 58347)
@@ -1,3 +1,16 @@
+2021-03-14  Karl Berry  <karl at freefriends.org>
+
+	* string-utils.c (shell_escape_string): escape other shell
+	metacharacters and whitespace.
+
+2021-03-12  Norbert Preining  <norbert at preining.info>
+
+	* string-utils.c (shell_escape_string): also escape &.
+
+2021-03-14  Norbert Preining  <norbert at preining.info>
+
+	* string-utils.c (shell_escape_string): also escape &.
+
 2020-03-02  Karl Berry  <karl at freefriends.org>
 
 	* main.c (is_good_dvi_file): avoid using strnlen, not present

Modified: trunk/Build/source/texk/xdvik/string-utils.c
===================================================================
--- trunk/Build/source/texk/xdvik/string-utils.c	2021-03-14 12:03:08 UTC (rev 58346)
+++ trunk/Build/source/texk/xdvik/string-utils.c	2021-03-14 22:19:56 UTC (rev 58347)
@@ -635,10 +635,10 @@
     return start;
 }
 
-/* Escape all of the following characters in str:
-   ` \ ; ( ) &
-   making it safe to pass str to a shell. Return result in a newly
-   allocated string, which the caller is responsible to free() after use.
+/* Escape shell metacharacters in str, hopefully making it safe to pass
+   str to system(), i.e., /bin/sh -c, without further quoting. Return
+   result in a newly allocated string, which the caller is responsible
+   to free() after use.
 */
 char *
 shell_escape_string(const char *str)
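Review bot: The rewritten comment promises safety "without further quoting" but does not state that the result is only valid in an unquoted position of the command line. Inside '...' the added backslashes are literal, and inside "..." a backslash stays literal before most of the characters escaped here, so a caller that wraps the result in quotes would hand the program a changed string. I would add a sentence such as `The result must be inserted unquoted; do not wrap it in '...' or "...".` Callers are not visible in this diff, so whether any of them quotes the result should be checked.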
@@ -651,10 +651,20 @@
     while (*src_ptr != '\0') {
 	if (*src_ptr == '\\'
 	    || *src_ptr == '`'
-	    || *src_ptr == '('
-	    || *src_ptr == ')'
+	    || *src_ptr == '\''
+	    || *src_ptr == '"'
+	    || *src_ptr == '(' || *src_ptr == ')'
+	    || *src_ptr == '{' || *src_ptr == '}'
+	    || *src_ptr == '[' || *src_ptr == ']'
+	    || *src_ptr == '<' || *src_ptr == '>'
 	    || *src_ptr == '&'
-	    || *src_ptr == ';') {
+	    || *src_ptr == '|'
+	    || *src_ptr == '!'
+	    || *src_ptr == '$'
+	    || *src_ptr == '*'
+	    || *src_ptr == '?'
+	    || *src_ptr == ';'
+	    || *src_ptr == ' ' || *src_ptr == '\t' || *src_ptr == '\n') {
 #if 0
 	    /* only if not yet escaped? */
  	    && (src_ptr == str || (src_ptr > str && *(src_ptr - 1) != '\\'))) {
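Review bot: The `'\n'` test on the last added line of the condition will not produce a quoted newline if, as the surrounding code suggests, each matched character is prefixed with a backslash: in /bin/sh an unquoted backslash followed by a newline is a line continuation and both characters are removed, so the argument silently changes. Newline needs separate handling, for example dropping `|| *src_ptr == '\n'` from this list and having the function either reject such input or emit the newline inside single quotes. The list also omits `#` and `~`, which are special only at the start of a word; whether that matters depends on where callers place the result. The function body starts and ends outside the hunk, so the output buffer sizing for the larger set of escaped characters cannot be checked from here.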


