
Re: sed question



On Fri, Dec 06, 2019 at 12:06:10PM -0500, songbird wrote:
> #this doesn't work...
> old_summary=`echo "Previous glitches and inconsistencies were due to a missing / at the end of the baseurl...   ,.#*$+%*$&#+(*={_})"`
> result=`echo "summary: \"\"" | sed -e "s/^summary: .*$/summary: \"${old_summary}\"/"`

Code injection.

>   my question is about why i need to pre-process the summary to escape the
> slash?  i use other characters in the summaries without issues just that
> slash causes problems...  ?????

Ideally, you'd just stop trying to use sed with user-supplied variables
injected into the code.  Sed was never built to be safe for that kind of
work.

There are some alternatives at <https://mywiki.wooledge.org/BashFAQ/021>
including one using perl which handles arbitrary user-supplied search
and replace variables safely.
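
The failure discussed in this message, next to one way of passing the value as data instead of as sed program text. This is an added example, not part of the original message and not taken from the linked FAQ; the function names and sample values are constructed, and using awk's `ENVIRON` is an assumption about what is acceptable in place of sed.

```shell
#!/bin/sh
# Constructed sample values. The first contains the sed delimiter "/",
# the second only "&", which sed's s command expands to the matched text.
slash_value='missing / at the end of the baseurl & a \ too'
amp_value='R&D notes'

# Unsafe: the value is pasted into the sed program, so sed parses it as
# code. A "/" ends the replacement early and the rest is read as flags;
# "&" and "\" are silently interpreted instead of copied.
set_summary_unsafe() {
    printf '%s\n' 'summary: ""' |
        sed -e "s/^summary: .*$/summary: \"$1\"/"
}

# Safe: the awk program is a fixed single-quoted string. The value is
# handed over through the environment and only ever concatenated, so no
# character in it is treated as a delimiter, flag or escape.
set_summary_safe() {
    printf '%s\n' 'summary: ""' |
        new="$1" awk '
            /^summary: / { print "summary: \"" ENVIRON["new"] "\""; next }
            { print }'
}

# Show both behaviours for each sample value.
for v in "$slash_value" "$amp_value"; do
    printf 'value:  %s\n' "$v"
    printf 'unsafe: %s\n' "$(set_summary_unsafe "$v" 2>&1)"
    printf 'safe:   %s\n\n' "$(set_summary_safe "$v")"
done
```

With the "/" value sed rejects the program; with the "&" value it succeeds and writes a corrupted summary, which is harder to notice.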

