Package: less Version: 551-2 Severity: important
Hey. In most (all?) cases, lesspipe simply uses the filename as is (i.e. $1) and neither uses anything like "--" (as far as available) in the commands it calls. This is prone to fail, as soon as one has filenames that may be mistaken for command options, e.g. ones that start with - or -- . I guess there are two things one can do here (and probably one has do to actually both): 1) Go through the list of all commands, find out which of them supports "--" or similar options and just add them 2) For all other cases, a nice trick is to quote any pathnames as absolute or relative paths (these are typically never mistaken for options). Well an absolute path is anyway "quoted" in that sense, a relative path needs a "./" added. I have a function for this (see attachment). What do you think should we do? Cheers, Chris.
#!/bin/sh #******************************************************************************* #*** Escape Pathname For Use As Command Argument *** #******************************************************************************* # Escapes a pathname for use as a command argument, so that it’s not mistaken # for a typical option argument (like `-o` or `--option`) and can be used with # programs that don’t provide a way to stop option argument parsing (like via # `--`) or improperly parse option arguments with (separate) values (like # `--option value`, where the value might start with a `-`). # # Its output is guaranteed to be one of the following: # • the empty string # (when the input was the empty string) # • an absolute pathname starting with `/` # (when the input was an absolute pathname) # • a relative pathname starting with `./` respectively just `.` # (when the input was a relative pathname respectively the relative pathname # of a “dot file”) # # # There are two modes of operation: # • reading the string literal from standard input # (when there are 0 positional parameters) # • reading the string literal from positional parameter #1 # (when there are ≧1 positional parameters) # # # Beware: # • The Shell Command Language’s command substitutions (`$(…)` and (``…``)) # strip any trailing newlines from the command’s standard output. # Therefore, when this function is used in a command substitution the trailing # newlines, if any, get lost. # # If this is a concern, then lost trailing newlines can be recovered like # this: # TODO: escape_pathname_as_command_argument() { local pathname="${1-}" if [ $# -eq 0 ]; then sed '1s|^[^/.]|./&|' else if [ -z "${pathname}" ]; then return 0 elif [ -z "${pathname##[/.]*}" ]; then printf '%s' "${pathname}" else printf './%s' "${pathname}" fi fi } #Copyright © 2021 Christoph Anton Mitterer <m...@christoph.anton.mitterer.name> # # #This program is free software: you can redistribute it and/or modify it under #the terms of the GNU General Public License as published by the Free Software #Foundation, either version 3 of the License, or (at your option) any later #version. #This program is distributed in the hope that it will be useful, but WITHOUT ANY #WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A #PARTICULAR PURPOSE. #See the GNU General Public License for more details. #You should have received a copy of the GNU General Public License along with #this program. If not, see <https://www.gnu.org/licenses/>.