summaryrefslogtreecommitdiffstats
path: root/lib
diff options
context:
space:
mode:
authorPatrick McDermott <patrick.mcdermott@libiquity.com>2019-03-12 12:07:06 (EDT)
committer Patrick McDermott <patrick.mcdermott@libiquity.com>2019-03-12 12:07:06 (EDT)
commitb857ead4151b087cff6395a4c08f0d954bbf53fd (patch)
treee0bb3ed6d4411cde75f213f0d028e74d373c0166 /lib
parent0fb73d07d24154b8a3b14c54faf164a5e5e92a2f (diff)
ob_substvars(): Validate variable names
Diffstat (limited to 'lib')
-rw-r--r--lib/control.sh11
1 files changed, 11 insertions, 0 deletions
diff --git a/lib/control.sh b/lib/control.sh
index 439f52a..5be3fbe 100644
--- a/lib/control.sh
+++ b/lib/control.sh
@@ -273,6 +273,17 @@ ob_substvars()
fi
old_rhs="${rhs}"
+ # Validate the variable name.
+ case "${name}" in *[!A-Za-z0-9-]* | '')
+ _ob_warn_msg 'substvar_invalid' "${name}"
+ # Remove the variable expansion altogether. We can't
+ # just leave the variable unexpanded, because the
+ # presence of the "${" characters would cause this
+ # parser to loop infinitely.
+ string="${lhs}${rhs}"
+ continue
+ esac
+
# Perform the substitution.
name="$(echo "${name}" | tr 'a-z-' 'A-Z_')"
value="$(eval echo \"\$\{"_OB_SUBSTVAR_${name}"\}\")"