On 19/11/08 13:35, Hamish wrote:
Moritz wrote:
Don't think that table names can have spaces
it doesn't matter if they can really have spaces, it matters if a user who
thinks they could have spaces tries that. The goal is that the module
does not fail in a bizzare way in that case, but with a useful error
message from the correct place.
But the user does not define table name in v.db.renamecol. The module
takes the table linked to a map.
if modules are run live from the web, an unquoted variable could include
something like table="dbf; run_evil_command; #", and without quoting
they have all the shell access they want. (well, I'm not totally sure
about that, but it scares me enough to be pedantic about it for shell
scripts)
Don't know if a combination of v.db.connect -o with evil table name
followed by v.db.renamecol could cause trouble like that.
ps- "${var}" is a little overkill, I think "$var" is fine. and I'm not
sure if "" around VAR=`` is needed, or if that causes problems if interior
command also contains "". ??
I'll leave this to the specialists. There's tons of examples of that
usage of quotes in the scripts...
I'll just do as I'm told ;-)
Moritz
_______________________________________________
grass-dev mailing list
grass-dev@lists.osgeo.org
http://lists.osgeo.org/mailman/listinfo/grass-dev