Zsh Mailing List Archive
Messages sorted by: Reverse Date, Date, Thread, Author

Re: simple substitution?



2009-08-27 08:12:35 -0700, spiralofhope:
> On Wed, 12 Aug 2009 13:04:18 +0100
> Stephane Chazelas <stephane_chazelas@xxxxxxxx> wrote:
> 
> > eval.
> > 
> > eval "echo \${${FO}${O}}"
> > 
> > or
> > 
> > eval "echo \${$FO$O}"
> > 
> > See also:
> > 
> > echo ${(P)${:-$FO$O}}
> > 
> > or
> > 
> > echo ${(e)${:-\${$FO$O}}}
> 
> Is eval a good idea?  Can it introduce backdoors into the script?

Yes, that's usually what eval does when passed uncontrolled
data. You'd get the same problem with (e).

You need to make sure that $FO$O resolves to a valid variable
name.

if $FO$O were 'x}; rm -rf ${HOME' for instance, there'd be
damage.

However note that the eval solutions are standard POSIX sh
solutions, so you don't make your script zsh specific when using
them.

-- 
Stephane



Messages sorted by: Reverse Date, Date, Thread, Author