diff options
author | Patrick McDermott <patrick.mcdermott@libiquity.com> | 2019-03-12 12:07:06 (EDT) |
---|---|---|
committer | Patrick McDermott <patrick.mcdermott@libiquity.com> | 2019-03-12 12:07:06 (EDT) |
commit | b857ead4151b087cff6395a4c08f0d954bbf53fd (patch) | |
tree | e0bb3ed6d4411cde75f213f0d028e74d373c0166 /lib | |
parent | 0fb73d07d24154b8a3b14c54faf164a5e5e92a2f (diff) |
ob_substvars(): Validate variable names
Diffstat (limited to 'lib')
-rw-r--r-- | lib/control.sh | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/lib/control.sh b/lib/control.sh index 439f52a..5be3fbe 100644 --- a/lib/control.sh +++ b/lib/control.sh @@ -273,6 +273,17 @@ ob_substvars() fi old_rhs="${rhs}" + # Validate the variable name. + case "${name}" in *[!A-Za-z0-9-]* | '') + _ob_warn_msg 'substvar_invalid' "${name}" + # Remove the variable expansion altogether. We can't + # just leave the variable unexpanded, because the + # presence of the "${" characters would cause this + # parser to loop infinitely. + string="${lhs}${rhs}" + continue + esac + # Perform the substitution. name="$(echo "${name}" | tr 'a-z-' 'A-Z_')" value="$(eval echo \"\$\{"_OB_SUBSTVAR_${name}"\}\")" |