mirror of
https://git.busybox.net/busybox
synced 2026-01-31 16:43:21 +00:00
fd7a4c8c28
This patch makes msh handle variable expansion within backticks more correctly. Current behaviour (wrong): -------------------------- BusyBox v1.00-rc3 (2004.08.26-11:51+0000) Built-in shell (msh) Enter 'help' for a list of built-in commands. $ A='`echo hello`' $ echo $A `echo hello` $ echo `echo $A` hello $ New behaviour (correct): ------------------------ BusyBox v1.00-rc3 (2004.08.26-11:51+0000) Built-in shell (msh) Enter 'help' for a list of built-in commands. $ A='`echo hello`' $ echo $A `echo hello` $ echo `echo $A` `echo hello` $ The current behaviour (wrong according to standards) was actually my fault. msh handles backticks by executing a subshell (which makes it work on MMU-less systems). Executing a subshell makes it hard to only expand variables once in the parent. Therefore I export all variables that will be expanded within the backticks and let the subshell handle the expansion instead. The bug was found while searching for security leaks in CGI-scripts. Current behaviour of msh makes it easy to expand backticks by mistake in $QUERY_STRING. I recommend appling the patch before release of bb 1.00. /Jonas |
||
|---|---|---|
| .. | ||
| ash.c | ||
| cmdedit.c | ||
| cmdedit.h | ||
| Config.in | ||
| hush.c | ||
| lash.c | ||
| Makefile | ||
| Makefile.in | ||
| msh.c | ||