From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on inbox.vuxu.org X-Spam-Level: X-Spam-Status: No, score=-1.0 required=5.0 tests=DKIM_ADSP_CUSTOM_MED, FREEMAIL_FROM,MAILING_LIST_MULTI,RCVD_IN_DNSWL_NONE autolearn=ham autolearn_force=no version=3.4.2 Received: from primenet.com.au (ns1.primenet.com.au [203.24.36.2]) by inbox.vuxu.org (OpenSMTPD) with ESMTP id 337af1dc for ; Wed, 18 Dec 2019 08:32:41 +0000 (UTC) Received: (qmail 14220 invoked by alias); 18 Dec 2019 08:32:34 -0000 Mailing-List: contact zsh-workers-help@zsh.org; run by ezmlm Precedence: bulk X-No-Archive: yes List-Id: Zsh Workers List List-Post: List-Help: List-Unsubscribe: X-Seq: 45081 Received: (qmail 2066 invoked by uid 1010); 18 Dec 2019 08:32:34 -0000 X-Qmail-Scanner-Diagnostics: from mail-wr1-f65.google.com by f.primenet.com.au (envelope-from , uid 7791) with qmail-scanner-2.11 (clamdscan: 0.102.1/25663. spamassassin: 3.4.2. Clear:RC:0(209.85.221.65):SA:0(-2.0/5.0):. Processed in 1.431164 secs); 18 Dec 2019 08:32:34 -0000 X-Envelope-From: stephane.chazelas@gmail.com X-Qmail-Scanner-Mime-Attachments: | X-Qmail-Scanner-Zip-Files: | Received-SPF: pass (ns1.primenet.com.au: SPF record at _netblocks.google.com designates 209.85.221.65 as permitted sender) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:from:to:cc:subject:message-id :mail-followup-to:references:mime-version:content-disposition :content-transfer-encoding:in-reply-to:user-agent; bh=xEwTpflMkajgK+DoRidkFDn3FhSIpGDA/ahuA90k+T4=; b=rm+7S7/WqL4cYnLg3JdMIHKh0/zOX/cm7ZuZ/B3W55Hv79hzNy8cVa4w6ntrkSChSd n7dFZrxtLNYenzCmYApG5JyM2FTDGLFLeVgwhnb+gulw17ZL5ZidfczPc5GddNhEXe7B w0P/dnDDm4+uKdka/+uEHpFeZXKcKztzuRIblYkfKVtL0HVgj6KfyK6+v6eSNh3FCE5C KPVml5WG0lounoJsGlEkYiAaVK0hD7TtOnY7TcZEMT/qzmw6GldiBGChJmejHCA59mZA yvShXqJgV50cs+DNQPOQgILcNwI02ENguuj8DksNU8axG83Th3W2NJgt8z8rXEgWmdFp mGsA== X-Gm-Message-State: APjAAAVUm/zfje2smgUmHTayZoLytk2W5n9gdD7mqIVzxbKnReg5qz7/ 3Lf4RlLKv2V+b7K0EGWLwANTRKqK X-Google-Smtp-Source: APXvYqxryeetAjcAEsvHLuysMxrb0mgfWqGzo1nDdJYM+PCyE/CNiEdwF9c4HA/LvslyrbkbWbtvfQ== X-Received: by 2002:a5d:4807:: with SMTP id l7mr1406384wrq.64.1576657918104; Wed, 18 Dec 2019 00:31:58 -0800 (PST) Date: Wed, 18 Dec 2019 08:31:55 +0000 From: Stephane Chazelas To: Daniel Shahaf Cc: zsh-workers@zsh.org Subject: Re: [PATCH] Re: regexp-replace and ^, word boundary or look-behind operators Message-ID: <20191218083155.6si7sejaqorbynpd@chaz.gmail.com> Mail-Followup-To: Daniel Shahaf , zsh-workers@zsh.org References: <20191216211013.6opkv5sy4wvp3yn2@chaz.gmail.com> <20191216212706.i3xvf6hn5h3jwkjh@chaz.gmail.com> <20191217073846.4usg2hnsk66bhqvl@chaz.gmail.com> <20191217111113.z242f4g6sx7xdwru@chaz.gmail.com> <2ea6feb3-a686-4d83-ab27-6a582424487c@www.fastmail.com> MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: <2ea6feb3-a686-4d83-ab27-6a582424487c@www.fastmail.com> User-Agent: NeoMutt/20180716 2019-12-18 00:22:53 +0000, Daniel Shahaf: [...] > > +eval $1=\$5 > > How about «: ${(P)1::="$5"}» to avoid eval? I suppose that would work but would not prevent code injection vulnerabilities if $1 was not guaranteed to contain a valid variable name: $ 1='a[`uname>&2`]' $ : ${(P)1::="$5"} Linux zsh: bad math expression: empty string Linux zsh: bad math expression: empty string Note that uname was run twice suggesting it's potentially less efficient than using eval (IIRC, that was already discussed here. possibly that was fixed in a newer version). Here, I'd say it's the caller's responsibility to make sure they pass a valid lvalue as first argument. -- Stephane