Fantastic.. did not know about that one either.
Thanks.
On Thu, Mar 31, 2011 at 3:42 PM, Thomas Bellman <bell...@nsc.liu.se> wrote:
> Felix Frank wrote:
>
>> On 03/31/2011 03:42 PM, Mohamed Lrhazi wrote:
>
>>> but it does not look safe as the $content could contain single quotes,
>>> could it not?
>>
>> That't true, and I don't see a way that you can waterproof this
>> construct. Sorry.
>
> Then you haven't seen the shellquote() function. It is there
> specifically so you can construct safe shell commands:
>
> $echocmd = shellquote('/bin/echo', $content)
> exec {
> "generate_facts_yaml":
> command => "/bin/false",
> unless => "$echocmd >/path/to/file";
> }
>
> Note that shellquote('/bin/echo', $content, '>/path/to/file'),
> would be wrong, since shellquote() would then quote the >
> character so the shell won't interpret it as a redirection.
>
>
> /Bellman
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
>
>
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
