Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!sun-barr!lll-winken!uunet!mcsun!unido!mikros!mwtech!martin From: martin@mwtech.UUCP (Martin Weitzel) Newsgroups: comp.unix.shell Subject: Re: sed 's/foobar/$string/g'.... can't do this? Keywords: sed Message-ID: <1069@mwtech.UUCP> Date: 30 Jan 91 13:18:20 GMT References: <1991Jan17.003856.469@unicorn.cc.wwu.edu> <135@edi386.UUCP> <1991Jan21.124531.27867@siesoft.co.uk> <7ejp01gY0c.900@amdahl.uts.a Reply-To: martin@mwtech.UUCP (Martin Weitzel) Distribution: comp Organization: MIKROS Systemware, Darmstadt/W-Germany Lines: 36 In article <2586@root44.co.uk> gwc@root.co.uk (Geoff Clare) writes: >In <1064@mwtech.UUCP> martin@mwtech.UUCP (I) writes: > >> sed 's/foobar/'"$string"'/g' > >>BTW: There's no simple way to stop sed from complaining when the variable ^^^^^^^^^ >>`string' contains a slash, except if you know that it does contain a slash >>and use some other seperator in the s-commando. > >Yes there is. Simply create a copy of $string with '/' changed to '\/'. ^^^^^^ >While you're at it, you can treat '&' and '\' the same way to prevent >sed from interpreting '&', '\1', etc. if they happen to occur in $string. > >Xstring=`sed 's/[\/&\\]/\\&/g' <$string >! >` >sed 's/foobar/'"$Xstring"'/g' Obviously our view of "simple" differs :-). IMHO no need to argue further. Geoff's proposual to also protect embedded backslashes is important for another reason: What would happen if "$string" contains the two characters backslash and slash in sequence and you would only change the "/" to "\/" ? One loophole still remains even in Geoff's solution: embedded newlines in $string. It might not be important in many cases, but if the contents of "$strings" comes from any kind of user input (procedure arg, interactive read), the user may be able to create trouble. Again that might be not important, but trying to break some program in an unforseen way might be the first step for an intruder to create a security breach - one of the best practical examples for this was the "Internet Worm". -- Martin Weitzel, email: martin@mwtech.UUCP, voice: 49-(0)6151-6 56 83