Using printf %q to make a quoted string usable as shell script input

Within a bash script, I am trying to append a command string that is single and double quoted to a file (`.profile`).

I would like to use `echo` and then `>>` the command to `.profile`. Of course, I am open to any solution that works.

The command I would like to use is `echo "curl -X POST -H "Content-Type: application/json" -d '{"value1":"PHONENUMBER","value2":"MESSAGE"}' https://maker.ifttt.com/trigger/TRIGGER/with/key/KEY &> /dev/null" >> .profile` but clearly this doesn't work within my bash script.

I am not clear on how `printf %q` works and don't understand how to apply it to my problem.

I have tried this:

```bash
CMDSTRING='curl -X POST -H "Content-Type: application/json" -d '
CMDSTRING=${CMDSTRING}"'"
CMDSTRING=${CMDSTRING}'{"value1":"+PHONENUMBER","value2":"MESSAGE"}'
CMDSTRING=${CMDSTRING}"'"
CMDSTRING=${CMDSTRING}' https://maker.ifttt.com/trigger/TRIGGER/with/key/KEY &> /dev/null'

echo $CMDSTRING
```

Using `printf '%q'` to generate `.profile` content looks something like the following:

```bash
{
  printf '%q ' \
    curl -X POST -H "Content-Type: application/json" \
      -d '{"value1":"PHONENUMBER","value2":"MESSAGE"}' \
      https://maker.ifttt.com/trigger/TRIGGER/with/key/KEY
  printf '%s\n' "&>/dev/null"
} >> .profile
```

Note that you cannot use the `%q` format string if you want `&>/dev/null` to be parsed as syntax, since by its very nature it formats everything it's passed to be parsed as data.

Thus, we use `printf '%q ' "command name" "first argument" ...` for the actual command itself, and format the redirection out-of-band.


That said, note that there's value to the above only if you're substituting variables from an untrusted source (rather than hardcoding them as in the example), and are worried about invalid values being abused for command injection. If you're truly just appending a constant string to the end of a file, a quoted heredoc will let you build more natural-looking shell quoting manually (indeed, as you've already done!), and pass it through verbatim:

```bash
cat >>.profile <<'EOF'
curl -X POST -H "Content-Type: application/json" \
  -d '{"value1":"PHONENUMBER","value2":"MESSAGE"}' \
  https://maker.ifttt.com/trigger/TRIGGER/with/key/KEY &> /dev/null
EOF
```

Here, everything between the `<<'EOF'` and the `EOF` is passed through exactly-as-given, including quotes and parameter expansions the shell might otherwise try to interpret.
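
The untrusted-value case mentioned in the answer, as an added example that is not part of the original answer: the same constructed hostile request body is written into a generated line once between hand-typed quotes and once through `printf '%q '`, and each line is then evaluated with `curl` replaced by a stub, so nothing is sent. The helper names `emit_naive`, `emit_quoted`, `run_line` and the sample value are assumptions of this example.

```bash
#!/usr/bin/env bash
# Added example (hypothetical helper names): one untrusted value, two ways of
# generating the line that would be appended to .profile.
URL='https://maker.ifttt.com/trigger/TRIGGER/with/key/KEY'   # placeholder URL from the page

# Constructed hostile value: closes the hand-written quote and adds a command.
HOSTILE="{\"value2\":\"hi\"}'; echo INJECTED; : '"

# Naive generator: pastes the value between hand-typed single quotes.
emit_naive() {
  printf "curl -X POST -H \"Content-Type: application/json\" -d '%s' %s &>/dev/null\n" \
    "$1" "$URL"
}

# Generator from the answer: %q formats every argument as data, and the
# redirection is appended separately so it is still parsed as syntax.
emit_quoted() {
  printf '%q ' curl -X POST -H 'Content-Type: application/json' -d "$1" "$URL"
  printf '%s\n' '&>/dev/null'
}

# Evaluate a generated line in a fresh bash where curl is a stub that reports
# each argument on fd 3, which the line's own &>/dev/null does not touch.
run_line() {
  bash -c 'curl() { printf "arg:%s\n" "$@" >&3; }; eval "$1"' _ "$1" 3>&1
}

# Show both generated lines and what the stubbed curl receives from each.
demo() {
  echo '--- naive ---';  emit_naive  "$HOSTILE"; run_line "$(emit_naive  "$HOSTILE")"
  echo '--- quoted ---'; emit_quoted "$HOSTILE"; run_line "$(emit_quoted "$HOSTILE")"
}
demo
```

In the naive run a bare `INJECTED` line appears after the stub's arguments, because the value ended the quote and the rest was parsed as a second command; in the quoted run the stub receives the whole value as the single argument after `-d`.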
