How to use both pipes and prevent shell expansion

2020-05-09 22:18发布

If multiple arguments are passed to perl's system function then the shell expansion will not work:

# COMMAND
$ perl -e 'my $s="*"; system("echo", "$s" )'

# RESULT
*

If the command is passed as an one argument then the expansion will work:

# COMMAND
$ perl -e 'my $s="echo *"; system("$s")'

# RESULT
Desktop Documents Downloads

The system function also allows to using multiple commands and connect them using pipes. This only works when argument is passed as an one command:

# COMMAND
$ perl -e 'my $s="echo * | cat -n"; system("$s")'

# RESULT
1 Desktop Documents Downloads

How can I combine mentioned commands and use both pipes and prevent shell expansion?

I have tried:

# COMMAND
$ perl -e 'my $s="echo"; system("$s", "* | cat -n")'

# RESULT
* | cat -n

but this did not work because of reasons that I've described above (multiple arguments are not expanded). The result that I want is:

1 *

EDIT: The problem that I'm actually facing is that when I use following command:

system("echo \"$email_message\" | mailx -s \"$email_subject\" $recipient");

Then the $email_message is expanded and it will break mailx if it contains some characters that are further expanded by shell.

2条回答
We Are One
2楼-- · 2020-05-09 23:01

You can use open to pipe directly to mailx, without your content being interpreted by the shell:

open( my $mail, "|-", "mailx", "-s", $email_subject, $recipient );
say $mail $email_message;
close $mail;

More details can be found in open section of perlipc.

查看更多
孤傲高冷的网名
3楼-- · 2020-05-09 23:09

system has three calling conventions:

system($SHELL_CMD)

system($PROG, @ARGS)               # @ARGS>0

system( { $PROG } $NAME, @ARGS )   # @ARGS>=0

The first passes a command to the shell. It's equivalent to

system('/bin/sh', '-c', $SHELL_CMD)

The other two execute the program $PROG. system never prevents shell expansion or performs any escaping. There's simply no shell involved.

So your question is about building a shell command. If you were at the prompt, you might use

echo \* | cat -n

or

echo '*' | cat -n

to pass *. You need a function that performs the job of escaping * before interpolating it. Fortunately, one already exists: String::ShellQuote's shell_quote.

$ perl -e'
   use String::ShellQuote qw( shell_quote );
   my $s = "*";
   my $cmd1 = shell_quote("printf", q{%s\n}, $s);
   my $cmd2 = "cat -n";
   my $cmd = "$cmd1 | $cmd2";
   print("Executing <<$cmd>>\n");
   system($cmd);
'
Executing <<printf '%s\n' '*' | cat -n>>
     1  *

I used printf instead of echo since it's very hard to handle arguments starting with - in echo. Most programs accept -- to separate options from non-options, but not my echo.

All these complications beg the question: Why are you shelling out to send an email? It's usually much harder to handle errors from external programs than from libraries.

查看更多
登录 后发表回答