Bug#667904: RFS: mitlm/0.4-1 [ITP] -- MIT Language Modeling
* Giulio Paci <giuliopaci@gmail.com>, 2013-01-14, 01:06:
The ZFile implementation worries me... Do I read it correctly that
filenames are passed to shell without any escaping?
Unfortunately you are right. Do you have a quick fix in mind?
Escape them? :)
It's not difficult if you care only about POSIX-compatible systems (see
the attach code snippet). Unfortunately, supporting Windows is a bit
more complicated...
--
Jakub Wilk
#include <sstream>
std::string shell_escape(const std::string &s)
{
std::ostringstream buffer;
buffer << "'";
for (std::string::const_iterator it = s.begin(); it != s.end(); it++) {
if (*it == '\'')
buffer << "'\\''";
else
buffer << *it;
}
buffer << "'";
return buffer.str();
}
Reply to: