Max Nikulin <maniku...@gmail.com> writes: > On 13/08/2023 14:52, Ihor Radchenko wrote: >> What do you think about creating a new API to built shell commands and >> then using it across all the babel backends? > > I support the idea in general, but not its particular implementation as > `org-make-shell-command' in your patch. > > It does not address the issue I raised. > > #+begin_src sqlite :db '(literal "/tmp/ob.sqlite$(date > >/tmp/ob-sqlite-vuln.log)") > select 1 > #+end_src
Handling lisp values in header arguments is much more general issue not tied to ob-sql or even to running shell commands. It should be addressed alongside with https://orgmode.org/list/87edsd5o89.fsf@localhost -- Ihor Radchenko // yantar92, Org mode contributor, Learn more about Org mode at <https://orgmode.org/>. Support Org development at <https://liberapay.com/org-mode>, or support my work at <https://liberapay.com/yantar92>
