On 8/29/25 14:13, raf wrote:
On Thu, Aug 28, 2025 at 07:29:37AM +0100, James Youngman <[email protected]> wrote:
One of the important problems here is that file names are not in general
encoded with the coding system indicated by the invoking user's environment
variables.
In fact, two consecutive path elements (I.e. a directory name and its
child's name) may use entirely incompatible character encoding systems.
I believe another concern is terminal escape injection which
necessitates some encoding.
Also the -ls action should produce output like 'ls -dils'.
Since quite a while the shell-escaping of GNU ls(1) has been introduced,
and meanwhile - compared to a little feedback wave - been accepted.
As such, I think it's fair enough now to also go the secure route and
use shell-escape quoting style.
Have a nice day,
Berny
