Timeline for Security implications of forgetting to quote a variable in bash/POSIX shells
Current License: CC BY-SA 4.0
22 events
| when | what | by | license | comment | |
|---|---|---|---|---|---|
| Feb 2, 2024 at 1:21 | comment | added | Martin Kealey | There's a fourth case where people fail to quote properly: when you have a construct like "$( cmd "$var" )", many sophomores leave out one of the pairs of quotes, and are surprised when you tell them they haven't put in enough quotes. Some of them even argue that extra quotes would make it break up into "$( cmd " $var " )" | |
| Nov 18, 2022 at 9:34 | comment | added | Stéphane Chazelas | @U.Windl you should report that as a bug to the maintainers of the editor you use. That would be very bad if their syntax highlighting encouraged bad coding practice. vim doesn't have that problem AFAICT. Neither does jed. Having said that, shell code (especially Bourne-like ones) syntax highlight is virtually impossible to do reliably (or usefully). | |
| Nov 18, 2022 at 9:26 | comment | added | U. Windl | One reason for not using double quotes around variables in shell scripts is that in most editors syntax highlighting no longer emphasizes variable names then ;-) | |
| Jan 25, 2022 at 6:45 | history | edited | Stéphane Chazelas | CC BY-SA 4.0 | edited body |
| Sep 28, 2017 at 12:35 | history | edited | Stéphane Chazelas | CC BY-SA 3.0 | added 2 characters in body |
| S Jul 15, 2017 at 17:35 | history | suggested | flerb | CC BY-SA 3.0 | Point to "Korn's Biggest Regrets" question, it's a long article |
| Jul 15, 2017 at 16:07 | review | Suggested edits | | | |
| S Jul 15, 2017 at 17:35 | | | | | |
| Apr 13, 2017 at 12:36 | history | edited | CommunityBot | replaced http://unix.stackexchange.com/ with https://unix.stackexchange.com/ | |
| Jan 8, 2017 at 9:25 | history | edited | Stéphane Chazelas | CC BY-SA 3.0 | added 33 characters in body |
| Sep 3, 2016 at 21:16 | history | edited | Jeff Schaller♦ | CC BY-SA 3.0 | deleted 3 characters in body |
| May 30, 2016 at 0:48 | answer | added | G-Man Says 'Reinstate Monica' | timeline score: 48 | |
| May 4, 2016 at 0:14 | answer | added | Zombo | timeline score: 12 | |
| Mar 13, 2015 at 0:05 | vote | accept | Stéphane Chazelas | ||
| Mar 13, 2015 at 0:04 | history | edited | Stéphane Chazelas | CC BY-SA 3.0 | added 48 characters in body |
| Jan 11, 2015 at 21:10 | history | edited | Stéphane Chazelas | CC BY-SA 3.0 | edited body |
| Dec 28, 2014 at 21:05 | history | edited | Stéphane Chazelas | CC BY-SA 3.0 | edited body |
| Dec 9, 2014 at 14:08 | comment | added | mirabilos | backlink from this article I wrote, thanks for the writeup | |
| Dec 4, 2014 at 1:54 | comment | added | pawel7318 | BashPitfalls is something you'll like I think. | |
| Dec 4, 2014 at 1:45 | history | edited | Gilles 'SO- stop being evil' | edited tags | |
| Dec 4, 2014 at 0:22 | history | tweeted | twitter.com/#!/StackUnix/status/540300167631872001 | ||
| S Dec 3, 2014 at 21:59 | answer | added | Stéphane Chazelas | timeline score: 300 | |
| S Dec 3, 2014 at 21:59 | history | asked | Stéphane Chazelas | CC BY-SA 3.0 |