Item12615: CLI script parameter processing is inconsistent.
Priority: Urgent
Current State: Closed
Released In: 1.1.9
Target Release: patch
CLI script parameter processing is inconsistent.
Parameters can be entered in three different formats
-
parameter=value
-
-parameter=value
-
-parameter value
The regex that extracts these from the command line is:
if ( $arg =~ /^-?([a-z0-9_]+)=(.*)$/i ) {
( $name, $arg ) = ( TAINT($1), TAINT($2) );
}
elsif ( $arg =~ /^-([a-z0-9_]+)/ ) {
( $name, $arg ) = ( TAINT($1), shift(@args) );
}
The first regex is case insensitive, It will successfully match the first 2 formats, and tolerates upper/lower case.
-
MyParam=blah
-
-MyParam=blah
The second regex, matches format 3, but is not case insensitive, it only finds and extracts lower case parameters
-
-myparam blah
matches
-
-MyParam blah
is incorreclty ignored.
The 2nd regex should be:
$arg =~ /^-([a-z0-9_]+)/i
I think that this is low risk enough to go into 1.1.9
--
GeorgeClark - 25 Oct 2013
I looked back at the history of this and it's a typo. When I added the non-equals version I missed that the equals version was
/i
.
So yes, low risk, do it for 1.1.9.
--
CrawfordCurrie - 26 Oct 2013