2017-05-16 10:03:56 +0700, Robert Elz: [...] > $ y=$(quote "$x") [...] > Just remember to always quote variable references "$x" unless you are > 100% certain what the content of the variable is, eg: as above with $y > where we know it is the result of the quote function, so is safe. [...]
No, the split+glob operator that is done upon unquoted parameter expansion (or command substitution or arithmetic expansion) is completely different from the shell syntax parsing. It is not affected by quotes. a="'a b'" printf '<%s>\n' $a Still outputs (assuming the default value of $IFS): <'a> <b'> And touch "'a'" "'b'" a="'?'" echo $a still outputs 'a' 'b' (and with a="' * '" you'd list the current directory) Those variables output by quote() are intended to be passed to eval, but still need to be quoted: eval "set -- $a" certainly *not* eval set -- $a, which because of the glob part (or if ' or possibly \ was in $IFS) would be a command injection vulnerability (if the content of $a was not controlled). You'd leave a variable unquoted if you wanted it to be either split or globbed or both, but would then need to set $IFS and/or disable globbing. -- Stephane
