Hi all, Traditionally UNIX programs accept options like -h and --help to alter the program behavior in different ways. However, since option arguments and non-option arguments are mixed together in the argv array, codes like this are subject to break:
echo $a The intention is almost always to print the content of $a joined by space, and a newline after that (any fish user should recognize that this is the default behavior of the echo builtin). However, when $a contains 2 elements, '-n' and 'a', the first argument '-n' is recognized by echo as an option (no newline), and instead of "-n a" plus newline, "a" w/o newline is printed. Similarly, when there is a file named "-v" in the current directory, even commands as innocent as "cat *" also breaks. The problem manifested here is similar to that of SQL injecting, where the programmer-provided SQL statement and user-provided variables are joined together and virtually indistinguishable. Traditionally the UNIX problem is an "end of option" marker '--', that suggests that arguments after it shall be taken as options. Thus to write concatenate all files in current directory safely, you write "cat -- *". (echo is historically weird, and most shells' echo don't recognize this convention.) However, requiring '--' places a significant burden on the user. So I've proposed another approach to the problem: give options syntactic significance, thus in all of echo $a echo '-n' echo * There is no danger of any of the expanded tokens resulting in '-n' affecting the behavior of echo. Only a literal -n, as in echo -n a b serves as an option. Under the hood, the argument list is parsed for options before most of the expansions; builtins see an array of options in additional to argv. Thus anything that is not a literal -n is put in argv, not in options. Of course, this is limited to builtins and functions only, since external commands can only accept arguments in a plain list. However with option parsing implemented it will be trivial to write "safe" wrappers around external commands that adds the '--' for you. I've also forked a branch called opt-parse to implement this experimental proposal: https://github.com/xiaq/fish-shell/tree/opt-parse Currently the only option parsing for builtins are implemented, and only the -h/--help option is recognized. To observe the difference, build fish from my opt-parse branch, and note that within it the behavior of the following two lines echo -h echo '-h' are different; the former prints help message for "echo", while the latter prints out "-h". This concludes the introduction to my proposal. For more details, please see my proposal on fish issue tracker: https://github.com/fish-shell/fish-shell/issues/447. Critics, suggestions and any comments are highly appreciated! -- Regards, Cheer Xiao ------------------------------------------------------------------------------ LogMeIn Rescue: Anywhere, Anytime Remote support for IT. Free Trial Remotely access PCs and mobile devices and provide instant support Improve your efficiency, and focus on delivering more value-add services Discover what IT Professionals Know. Rescue delivers http://p.sf.net/sfu/logmein_12329d2d _______________________________________________ Fish-users mailing list Fish-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/fish-users
