Zsh Mailing List Archive
Messages sorted by: Reverse Date, Date, Thread, Author

Re: PATCH: Improve quote handling in _ant completion



On Wed, Nov 29, 2023 at 4:15 PM German Riano <griano@xxxxxxxxx> wrote:
>
> Even just using 'print -qn' works.

Er, what?

% print -qn foo
print: bad option: -q

Do you mean "printf %q ..." ?

> Questions:
> 1. Is "${(qq):-$ln} equivalent to "${(qq)ln} ?

Yes.  I left it with the ":-" because in the other case there's a
trailing space inside the right brace (ultimately, inside the right
single-quote) and I thought one might be needed here as well.

> 2. Does the read command needs '-r' ?

I don't think so, the backslashes will already have been removed by
"eval" ... but perhaps if there's actually a literal backslash in the
target name, yes.

> 3. Does using eval creates the risk of arbitrary execution of code?

It does as written before any of these patches, because a target name
could embed matched pairs of single quotes and $(...) in such a way
that the eval would run the substitution.

I think fixing the inner-single-quoting via (qq) removes that
possibility, but it would still be better not to need the eval.




Messages sorted by: Reverse Date, Date, Thread, Author