On 8/18/15 1:52 PM, isabella parakiss wrote: > Sorry for being both pedantic and late for that discussion but what's the > point of this warning? From my understanding, the code is still valid, so > it doesn't stop a possible attacker and it only annoys regular users.
It's meant as an indication that this form of assignment will not be treated as a compound array assignment in the future. The idea is that you give users plenty of warning and plenty of opportunity to change their scripts without impacting function or breaking existing scripts on a minor version upgrade. There are legitimate security concerns with having declare treat an expanded variable as specifying a compound array assignment. Stephane did a nice job of going through them, and the discussion is illuminating. > Using eval requires an extra level of escaping on everything else, I'd > rather use declare 2>/dev/null to suppress the warning than eval... Your choice, of course. > Idea: display the warnings in -n mode, like ksh. > This way bash wouldn't produce unexpected results on existing scripts, it > wouldn't even require a new compatibility level and shopt. > What do you think about it? Very few people run bash -n. It's a nice idea, but it wouldn't have the reach I'm looking for. Chet -- ``The lyf so short, the craft so long to lerne.'' - Chaucer ``Ars longa, vita brevis'' - Hippocrates Chet Ramey, ITS, CWRU c...@case.edu http://cnswww.cns.cwru.edu/~chet/