Zsh Mailing List Archive
Messages sorted by:
Reverse Date,
Date,
Thread,
Author
Re: [PATCH] Re: regexp-replace and ^, word boundary or look-behind operators
2019-12-18 00:22:53 +0000, Daniel Shahaf:
[...]
> > +eval $1=\$5
>
> How about «: ${(P)1::="$5"}» to avoid eval?
I suppose that would work but would not prevent code injection
vulnerabilities if $1 was not guaranteed to contain a valid
variable name:
$ 1='a[`uname>&2`]'
$ : ${(P)1::="$5"}
Linux
zsh: bad math expression: empty string
Linux
zsh: bad math expression: empty string
Note that uname was run twice suggesting it's potentially less
efficient than using eval (IIRC, that was already discussed
here. possibly that was fixed in a newer version).
Here, I'd say it's the caller's responsibility to make sure they
pass a valid lvalue as first argument.
--
Stephane
Messages sorted by:
Reverse Date,
Date,
Thread,
Author