Replace Quotes with Escaped Quotes in String
Peter TB Brett
peter.brett at livecode.com
Wed Dec 16 10:21:55 EST 2015
On 16/12/2015 15:00, Brahmanathaswami wrote:
> Sorry but this did not work:
>
> replace "'" with "\'" in tBody
> put merge("echo '[[tBody]]' | ") into tCmd
> put format ("mail -s \"Visitor Care Notice\" -r \"No-Reply at hindu.org\" "
> & tAddresses) after tCmd
> get shell(tCmd)
>
> tBody = Peter is visiting Kauai from Scotland. He says "It's a great
> day...Finally I get a break from coding and get to leave this island in
> the northern hinterland and go to another one in the Pacific Blue."
>
> email arrives with quotes stripped out.
>
> Peter is visiting Kauai from Scotland. He says It's a great
> day...Finally I get a break from coding and get to leave this island in
> the northern hinterland and go to another one in the Pacific Blue.
>
> Back the first question: how do we replace double quotes in a field or
> variable?
By the way, for security reasons you *must* ensure that the contents of
tBody and tAddresses are fully stripped of any shell metacharacters like
` or $. One of the good things about using single quotes '...' is that
the shell does no expansion at all in a single-quoted string.
If you don't, anybody who can affect the contents of tAddresses or tBody
can possibly execute arbitrary code on your server.
Peter
--
Dr Peter Brett <peter.brett at livecode.com>
LiveCode Open Source Team
LiveCode on reddit: https://reddit.com/r/livecode
More information about the use-livecode
mailing list