Moritz wrote:
> Don't think that table names can have spaces

It doesn't matter if they can really have spaces, it matters if a user who
thinks they could have spaces tries that. The goal is that the module
does not fail in a bizarre way in that case, but with a useful error
message from the correct place.

If modules are run live from the web, an unquoted variable could include
something like table="dbf; run_evil_command; #", and without quoting
they have all the shell access they want. (Well, I'm not totally sure
about that, but it scares me enough to be pedantic about it for shell
scripts.)


Hamish


ps- "${var}" is a little overkill, I think "$var" is fine. and I'm not
sure if "" around VAR=`` is needed, or if that causes problems if interior
command also contains "". ??



      

_______________________________________________
grass-dev mailing list
grass-dev@lists.osgeo.org
http://lists.osgeo.org/mailman/listinfo/grass-dev
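
What quoting changes for the table value discussed in the message above, as an added example that is not part of the original post or of any GRASS module. The helper names (count_args, check_table_name) and the allowed character set are assumptions made for illustration; the hostile value is the one quoted in the message.

```shell
#!/bin/sh
# Added illustration; helper names and the allowed character set are
# assumptions, not taken from GRASS.

# Report how many separate arguments the caller's expansion produced.
count_args() { echo "$#"; }

# Constructed hostile value, as quoted in the message.
table='dbf; run_evil_command; #'

# Unquoted: the shell field-splits the value (and would glob it), so one
# value reaches the command as several arguments. Plain expansion does not
# re-parse ';' as a command separator; that needs the string to be handed
# to eval, sh -c or a similar re-parsing step.
unquoted_count() { count_args $table; }

# Quoted: the value stays a single argument whatever it contains.
quoted_count() { count_args "$table"; }

# Assignment is not field-split, so VAR=`cmd` keeps inner whitespace even
# without outer quotes. The quotes matter when the variable is used.
assign_unquoted() {
    v=`printf 'a b  c'`
    printf '%s' "$v"
}

# Validate before use, so a bad name fails with a clear message at the
# right place instead of deep inside a database call.
# Assumed rule: letters, digits and underscore only.
check_table_name() {
    case "$1" in
        ''|*[!A-Za-z0-9_]*)
            echo "ERROR: illegal table name <$1>" >&2
            return 1
            ;;
    esac
    return 0
}
```

Calling check_table_name "$table" before the value reaches any command gives the early, readable failure the message asks for, and quoting every later use keeps the value one argument.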
