[ic] Bugfix for image.tag

Jon Jensen jon at endpoint.com
Tue Mar 15 15:28:17 UTC 2011

On Tue, 15 Mar 2011, Josh Lavin wrote:

>> Remove bad characters from directory names in image.tag, quote geometry 
>> option
>> Problem found when using:
>> [image src="foo.gif" makesize="200x500>"]
>> https://github.com/jlavin/interchange/commit/4fd3e7521470f737b014267cc7dd20ae25bd6a1f
> I found another instance of the "bad characters in directory names", so here 
> is an additional commit:
> https://github.com/jlavin/interchange/commit/dd41ce1962b9e25e5d23e9f020630c94b15e3fc0


I'm curious how you arrived at your set of "bad characters" here:


What is wrong with @ or % in filenames?

And on the other hand, & ` $ ~ ( ) { } ' " ? * \ ; | aren't removed but 
are active troublesome shell metacharacters. (And there may be others.)

It might be best if we leverage a CPAN module where someone has already 
solved this problem better than we will. A brief search turned up:


which seems to quote everything but a whitelisted set of valid characters, 
which is a safer approach to security functions like this.

We could just copy the String::ShellQuote regex if we don't want to add 
another dependency.

What do you think?


Jon Jensen
End Point Corporation

More information about the interchange-users mailing list