On Wed, Aug 15, 2007 at 06:35:18AM -0500, Peter da Silva wrote:
> On Aug 15, 2007, at 4:25, A. Pagaltzis wrote:
> >By "doing it themselves" you force everyone to parse the command
> >line on their own, which means quoting conventions and how to deal
> >with spaces in filenames can vary not per shell, but per invoked
> >program. If that's not hateful, I don't know what is.
> 
> It's also a security problem, because programs that call other
> programs don't know how to quote and escape the command line.

To my knowledge, it's even worse than you say.  I do not believe there
is any way that you can correctly quote all valid filenames *even if*
you restrict yourself to the set of programs which follow the default
Microsoft rules.  

I do not believe the rules are actually specified anywhere.

Exacerbating the problem is of course that the programs receive one
string for the entire command line and argument list, so it is not
possible to include delimiters out of band.

Even if the quoting and escaping rules were sufficient to represent
all valid filenames, sufficiently escaped -- they are not -- you would
have to maintain your own independent escaping code, since such tools
are not provided.

-josh
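
An added illustration, not part of the original message, of the point that the invoked program receives one string and splits it itself: the same string is split under two constructed conventions that differ only in how backslashes before a double quote are treated. The function names, the two conventions as modelled here, and the sample path are assumptions made for the example.

```python
def split_cmdline(cmdline, backslash_before_quote_is_special):
    """Split one command-line string into arguments under one of two
    constructed conventions. Both treat double quotes as grouping; they
    differ only in whether backslashes before a quote are special
    (2n -> n backslashes, quote toggles; 2n+1 -> n backslashes, literal quote)."""
    args, cur, in_quotes, started, i = [], [], False, False, 0
    while i < len(cmdline):
        c = cmdline[i]
        if c == "\\" and backslash_before_quote_is_special:
            j = i
            while j < len(cmdline) and cmdline[j] == "\\":
                j += 1
            n = j - i
            if j < len(cmdline) and cmdline[j] == '"':
                cur.append("\\" * (n // 2))
                if n % 2:
                    cur.append('"')        # escaped quote: literal character
                else:
                    in_quotes = not in_quotes
                j += 1
            else:
                cur.append("\\" * n)       # backslashes not before a quote are literal
            started, i = True, j
            continue
        if c == '"':
            in_quotes, started = not in_quotes, True
        elif c in " \t" and not in_quotes:
            if started:
                args.append("".join(cur))
                cur, started = [], False
        else:
            cur.append(c)
            started = True
        i += 1
    if started:
        args.append("".join(cur))
    return args


def naive_join(args):
    """A caller with no quoting helper: wrap each argument in double quotes."""
    return " ".join('"%s"' % a for a in args)


# Constructed sample: a directory name with a space and a trailing backslash.
INTENDED = ["C:\\My Files\\", "report.txt"]
CMDLINE = naive_join(INTENDED)

if __name__ == "__main__":
    print("string passed to child:  ", CMDLINE)
    print("backslash-aware splitter:", split_cmdline(CMDLINE, True))
    print("quotes-only splitter:    ", split_cmdline(CMDLINE, False))
```

The quotes-only splitter recovers the two intended arguments, while the backslash-aware one reads the trailing `\"` as a literal quote and merges both into a single argument, so the caller cannot pick a quoting that is right for both.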
