shell variable security

Jacques B. jjrboucher at gmail.com
Wed Oct 3 16:41:59 UTC 2007


<snip>
> If all you are looking is to grab everything up to the first ; or :
> (anything after is deemed invalid) you could use string manipulation.
> Test it out as follows:
>
> read name; echo ${name%%+(;|:)*}
>
> It will echo everyting to the first ; or : (omitting the invalid
> character and everything after.
>
> This will only work if you have extglob enabled as shopt.
>
> If this does what you want, you can assign the value of your variable
> using that string manipulation, hence cutting out the ; or : and
> everything after.  No testing conditions.  If there are other
> characters you wish to exclude simply add them in the patter by
> separating each with the pipe |.
>
<snip>
> Jacques B.
>

I re-reading your original request I see that you are looking to
validate if such a character was used.  Using my suggestion you could
assign that value to a temp variable and then compare the temp
variable to the variable that contains the full user input.  If they
match then the user didn't type any invalid characters as nothing was
truncated from his original input.  If they don't match that means
something was truncated hence an invalid character was entered.

Jacques B.




More information about the fedora-list mailing list