Replace Quotes with Escaped Quotes in String

Peter TB Brett peter.brett at livecode.com
Wed Dec 16 10:21:55 EST 2015


On 16/12/2015 15:00, Brahmanathaswami wrote:
> Sorry but this did not work:
>
> replace "'" with "\'" in tBody
> put merge("echo '[[tBody]]' | ") into tCmd
> put format ("mail -s \"Visitor Care Notice\" -r \"No-Reply at hindu.org\" "
> & tAddresses) after tCmd
> get shell(tCmd)
>
> tBody = Peter is visiting Kauai from Scotland. He says "It's a great
> day...Finally I get a break from coding and get to leave this island in
> the northern hinterland and go to another one in the Pacific Blue."
>
> email arrives with quotes stripped out.
>
> Peter is visiting Kauai from Scotland. He says It's a great
> day...Finally I get a break from coding and get to leave this island in
> the northern hinterland and go to another one in the Pacific Blue.
>
> Back the first question: how do we replace double quotes in a field or
> variable?

By the way, for security reasons you *must* ensure that the contents of 
tBody and tAddresses are fully stripped of any shell metacharacters like 
` or $.  One of the good things about using single quotes '...' is that 
the shell does no expansion at all in a single-quoted string.

If you don't, anybody who can affect the contents of tAddresses or tBody 
can possibly execute arbitrary code on your server.

                                          Peter

-- 
Dr Peter Brett <peter.brett at livecode.com>
LiveCode Open Source Team

LiveCode on reddit: https://reddit.com/r/livecode




More information about the Use-livecode mailing list