Add % and \r [C/R] to the dangerous Win32/OS2 characters.
authorWilliam A. Rowe Jr <wrowe@apache.org>
Thu, 21 Mar 2002 16:02:03 +0000 (16:02 +0000)
committerWilliam A. Rowe Jr <wrowe@apache.org>
Thu, 21 Mar 2002 16:02:03 +0000 (16:02 +0000)
  Retain the Unix sh escapes list for compatibility.
  [William Rowe]

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/1.3.x@94090 13f79535-47bb-0310-9956-ffa450edef68

src/main/gen_test_char.c

index dc33a73d86bf7a53c48b1b8f063e60b8cdf908d2..fae846644429d2abac3f886022f2faa08fb67977 100644 (file)
@@ -37,9 +37,23 @@ int main(int argc, char *argv[])
            printf("\n    ");
 
        /* escape_shell_cmd */
-       if (strchr("&;`'\"|*?~<>^()[]{}$\\\n", c)) {
+#if defined(WIN32) || defined(OS2)
+        /* Win32/OS2 have many of the same vulnerable characters
+         * as Unix sh, plus the carriage return and percent char.
+         * The proper escaping of these characters varies from unix
+         * since Win32/OS2 use carets or doubled-double quotes, 
+         * and neither lf nor cr can be escaped.  We escape unix 
+         * specific as well, to assure that cross-compiled unix 
+         * applications behave similiarly when invoked on win32/os2.
+         */
+        if (strchr("&;`'\"|*?~<>^()[]{}$\\\n\r%", c)) {
            flags |= T_ESCAPE_SHELL_CMD;
        }
+#else
+        if (strchr("&;`'\"|*?~<>^()[]{}$\\\n", c)) {
+           flags |= T_ESCAPE_SHELL_CMD;
+       }
+#endif
 
        if (!ap_isalnum(c) && !strchr("$-_.+!*'(),:@&=~", c)) {
            flags |= T_ESCAPE_PATH_SEGMENT;
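Review bot: The new comment states that neither lf nor cr can be escaped on Win32/OS2, yet the added branch only sets `T_ESCAPE_SHELL_CMD` for `\r` and `%`, so the safety of this change rests on the code that consumes the flag, which is not visible in this hunk. I would record that contract in the comment, e.g. `* The consumer of T_ESCAPE_SHELL_CMD must replace or reject \r and \n here rather than prefix them.` The Unix list is also written out twice, once per branch of the `#if defined(WIN32) || defined(OS2)` block, so a later addition to one copy can miss the other; keeping the common literal in one macro and using `strchr(SHELL_META_UNIX "\r%", c)` in the Win32/OS2 branch (macro name is a placeholder) would keep them in step. Separately, `WIN32`/`OS2` are evaluated when this generator program is compiled, so if it is ever built with a host compiler for a different target the table would presumably get the Unix list without `\r` and `%`; that is worth confirming for cross builds. The body of `main` starts and ends outside the hunk.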