enclosing variable in quotes
scooter6 at gmail.com
scooter6 at gmail.com
Fri Feb 16 06:06:41 PST 2018
It's not from user input - it is getting passed from a field in
processing....it happens to be a URL that is a field in one of our files
and I need to pass it to curl
thanks
On Wed, Feb 14, 2018 at 3:10 PM, Bill Campbell via Filepro-list <
filepro-list at lists.celestial.com> wrote:
> On Tue, Feb 13, 2018, scooter6--- via Filepro-list wrote:
> >If I'm wanting to pass my variable with double quotes included, why does
> >processing not like this?
>
> As a general rule, any variable that may result from user input
> should NEVER be enclosed in double quotes as the variable may
> contain malicious code (e.g. "; rm -rf $HOME;").
>
> Bill
> --
> INTERNET: bill at celestial.com Bill Campbell; Celestial Software LLC
> URL: http://www2.celestial.com/ PO Box 820; 6641 E. Mercer Way
> Mobile: (206) 947-5591 Mercer Island, WA 98040-0820
> Fax: (206) 232-9186 Skype: jwccsllc
>
> When the customer has beaten upon you long enough, give him what he asks
> for, instead of what he needs. This is very strong medicine, and is
> normally only required once.
> -- The Consultant's Curse:
> _______________________________________________
> Filepro-list mailing list
> Filepro-list at lists.celestial.com
> Subscribe/Unsubscribe/Subscription Changes
> http://mailman.celestial.com/mailman/listinfo/filepro-list
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.celestial.com/pipermail/filepro-list/attachments/20180216/8cd6c275/attachment.html>
More information about the Filepro-list
mailing list