netbsd-bugs: Re: port-i386/4580: sysinst i386 - no shell metachars in FTP password allowed

Subject: Re: port-i386/4580: sysinst i386 - no shell metachars in FTP password allowed
To: None <lm@cs.rmit.edu.au>
From: Phil Nelson <phil@cs.wwu.edu>
List: netbsd-bugs
Date: 11/26/1997 15:20:01

>i'll investigate to find the ``correct'' way to escape characters in
>urls, and get around to implementing it in ftp(1). i don't know if/how

>From my handy, dandy, HTML book (HTML, The Definitive Guide, 2nd Ed),
the escape mechanism is %xx where xx is a 2 digit hex number.  So to
have a @ as part of a password or other, it would be %40.
: would be %3A .....

>as to the problem at hand (sysinst); wouldn't most of it be solved
>by passing an argv[] style array? or is a system() command being used
>in the back-end?

Sysinst is using system() to get shell stuff to work .... like
		run_prog ("prog 2> /dev/null");

-- 
Phil Nelson                    NetBSD: http://www.netbsd.org
e-mail: phil@cs.wwu.edu        !gifs: http://www.gnu.org/philosophy/gif.html
http://www.cs.wwu.edu/~phil