Zsh Mailing List Archive
Messages sorted by:
Reverse Date,
Date,
Thread,
Author
Re: indirect assignment to array
- X-seq: zsh-users 24781
- From: Stephane Chazelas <stephane@xxxxxxxxxxxx>
- To: Pier Paolo Grassi <pierpaolog@xxxxxxxxx>
- Subject: Re: indirect assignment to array
- Date: Thu, 16 Apr 2020 17:30:22 +0100
- Cc: Mikael Magnusson <mikachu@xxxxxxxxx>, Zsh-Users List <zsh-users@xxxxxxx>
- In-reply-to: <CAP+y1xAG3ayQNE3JqeF_YOT5FZ9pLiUAF5TmPVoOv+nPyjK30A__22203.4378488146$1586994256$gmane$org@mail.gmail.com>
- List-help: <mailto:zsh-users-help@zsh.org>
- List-id: Zsh Users List <zsh-users.zsh.org>
- List-post: <mailto:zsh-users@zsh.org>
- List-unsubscribe: <mailto:zsh-users-unsubscribe@zsh.org>
- Mail-followup-to: Pier Paolo Grassi <pierpaolog@xxxxxxxxx>, Mikael Magnusson <mikachu@xxxxxxxxx>, Zsh-Users List <zsh-users@xxxxxxx>
- Mailing-list: contact zsh-users-help@xxxxxxx; run by ezmlm
- References: <CAP+y1xCb3NJn8BRsuwpO6XVgzAtGsBvP870M5na3mAH+CwJ_OA@mail.gmail.com> <CAHYJk3TmiNicTrwem6iRxKMxdNT5-ZB8W8vT5Gc=t7DrbPfBdQ@mail.gmail.com> <CAP+y1xAG3ayQNE3JqeF_YOT5FZ9pLiUAF5TmPVoOv+nPyjK30A__22203.4378488146$1586994256$gmane$org@mail.gmail.com>
2020-04-16 01:42:29 +0200, Pier Paolo Grassi:
> Il giorno gio 16 apr 2020 alle ore 01:13 Mikael Magnusson <mikachu@xxxxxxxxx>
> ha scritto:
[...]
> > : ${(PA)varname::=$array}
> > (leave out the A for scalar assignment, and use AA for assoc arrays).
[...]
> Thanks! I was afraid I had to resort to eval.
[...]
What's wrong with "eval"? Note that many of those alternatives
to "eval" are just other evals in disguise or are as dangerous
(but giving the wrong impression that they're not).
: ${(PA)varname::=$array}
is a command injection vulnerability if the content of $varname
is not sanitized.
$ varname='x[$(uname>&2)]'
$ : ${(PA)varname::=$array}
Linux
zsh: bad math expression: empty string
So is:
eval $varname'=("$array[@]")'
but at least it's more obvious that it is.
In any case, I'd expect the contents of $varname to be known and
trusted in this case, while that of $array could be anything.
Note that that "$array[@]" (instead of $array) is needed to
preserve empty elements.
--
Stephane
Messages sorted by:
Reverse Date,
Date,
Thread,
Author