diff options
| author | Urban Müller | 2025-03-19 17:12:37 +0100 |
|---|---|---|
| committer | Urban Müller | 2025-03-19 17:12:37 +0100 |
| commit | d713c9103aaeffdcf47f5ce73e2c75dac4f1b76b (patch) | |
| tree | e4c31c903f3eb994dd3e336f018e7115c2b7b634 | |
| parent | 6f3dfa256716316809675b591afc5e80274100e1 (diff) | |
| download | itools-d713c9103aaeffdcf47f5ce73e2c75dac4f1b76b.tar.gz itools-d713c9103aaeffdcf47f5ce73e2c75dac4f1b76b.tar.bz2 itools-d713c9103aaeffdcf47f5ce73e2c75dac4f1b76b.zip | |
only allow ten positional args
| -rw-r--r-- | it.class | 4 | ||||
| -rwxr-xr-x | test/exec.t | 1 |
2 files changed, 3 insertions, 2 deletions
@@ -676,7 +676,7 @@ static function filter_keys($array, $keys, $p = array()) * Construct shell command using it::shell_command, log it, execute it and return output as string. * @param $cmd shell command to be executed. String may contain: * {keyword} quotes and inserts value from assoc array like ET() - * {0} .. {n} quotes and inserts positional arguments + * {0} .. {9} quotes and inserts positional arguments * {-opts} array of opts => {value,true,false,null}: it::exec('ls {-opts}', ['-opts' => ["-l" => true]]); * @param $cmd Format string with {keywords} a la ET() * @param $args varargs, contains key => val arrays or positionals for filling in cmd line. val=null expands to nothing @@ -737,7 +737,7 @@ static function shell_command($cmd, ...$args) # for escapeshellarg in it::_exec_quotevalue $oldlocale = setlocale(LC_CTYPE, 0); setlocale(LC_CTYPE, 'de_CH'); - foreach (it::match('({(-?)([a-z0-9]\w*)})', $cmd, ['all' => true]) as $tags) + foreach (it::match('({(-?)([a-z]\w*|\d)})', $cmd, ['all' => true]) as $tags) { list($tag, $option, $key) = $tags; $parts = []; diff --git a/test/exec.t b/test/exec.t index cc1be80..6757fc7 100755 --- a/test/exec.t +++ b/test/exec.t @@ -6,6 +6,7 @@ is(it::exec("echo gna"), "gna\n", "basic exec"); is(it::exec("echo {arg}", ['arg' => 'gnu'], ['arg' => "gna"]), "gna\n", "exec with argument"); is(it::exec("echo {0}", 'gna'), "gna\n", "exec with positional argument"); +is(it::shell_command("egrep a{10}"), 'egrep a{10}', "exec with too large positional argument"); is(it::shell_command("echo {arg}", ['arg' => 'gna07,-:blah']), "echo gna07,-:blah", "don't quote arguments with only whitelistes characters"); is(it::shell_command("echo {arg}", ['arg' => '2>&1']), "echo '2>&1'", "quote arguments with dangerous characters"); is(it::shell_command("echo {arg}", ['arg' => '']), "echo ''", "quote empty arguments"); |