Skip to main content
Unix & Linux

You are not logged in. Your edit will be placed in a queue until it is peer reviewed.

We welcome edits that make the post easier to understand and more valuable for readers. Because community members review edits, please try to make the post substantially better than how you found it, for example, by fixing grammar or adding additional resources and hyperlinks.

Required fields*

9
  • @Philippe Could you please explain a bit more about how quoting "'"${SearchTerm}"'" helps in keeping it outside sh -c? Commented Jan 22, 2020 at 8:08
  • 1
    This introduces a code injection vulnerability as you are modifying the actual script that you're later running. Commented Jan 22, 2020 at 9:06
  • 1
    I do agree. The solution I gave is what I think he wanted to do, and I assume he has total control of $SearchTerm. Commented Jan 22, 2020 at 9:30
  • @Kusalananda, that's clearly what the OP wants, they want to run arbitrary code (at least arbitrary expansions) for each of the selected directories. Commented Jan 22, 2020 at 10:17
  • @GordonDavisson, single quotes are not going to be much of a problem there. The user only needs to bear in mind that the argument to FIND has to be shell code that is valid within double quotes. FIND "\$d/it's cool" would happily return the searchable directories that contain a regular file called it's cool. But you'd need FIND '$d/it\"s cool' to find directories that contain a it"s cool file. Commented Jan 22, 2020 at 10:22