• Login
  • login to access premium content (it's free).

Thursday January 7th, 2016 Terry Riegel

Comma bug with system() tag

Here is some code to test/demonstrate the bug

Updated with a better solution

I have included a page that will demonstrate the bug, and also offer a workaround. The workaround is system specific, it assumes Linux as the underlying platform and also assumes the system folder is set and set to /.

The idea of the workaround it to postprep() the command, send it, unpostprep it, and finally execute it. See: this page for the unpostprep part of the solution.

The Workaround

function system_with_commas(cmd) do
  return system(^bin/echo ^+postprep(cmd)+^ | sed "s@+@ @g;s@%@\\\\x@g" | xargs -0 printf "%b" | /bin/bash^) /return
/function

Demonstrate the Problem

<<
 function system_with_commas(cmd) do
  return system(^bin/echo ^+postprep(cmd)+^ | sed "s@+@ @g;s@%@\\\\x@g" | xargs -0 printf "%b" | /bin/bash^) /return
 /function
>>
<html>
 <head>
  <title>Comma Bug</title>
 </head>
 <body>
  <h1>System tag Comma Bug</h1>
  <p>When submitting a command using the system tag it seems to be eating commas from the input. On this installation the system folder is /.
  <hr>
  <pre><<system('bin/echo -n "Hello,1,2,3,4, World"')>></pre>
  <hr>
  <pre><<system('bin/echo -n "Hello,1,2,3,4, World"')>></pre>
  <hr>
  <p>Typing the same command from the command line yields the following...
  <hr>
  <pre>Hello,1,2,3,4, World</pre>
  <hr>
  <h2>Is the bug fixed?</h2>
  NATIVE:<br><<system('bin/echo -n "Hello,1,2,3,4, World"')>>
  <hr>
  SYSCALL.SH:<br><<system(^usr/bin/syscall.sh ^+postprep('/bin/echo -n "Hello,1,2,3,4, World"'))>>
  <hr>
  WITH_COMMAS:<br><<system_with_commas('/bin/echo -n "Hello,1,2,3,4, World"')>>
 </body>
</html>

To fix change any system calls to this...

Be sure to include the function at the top of the example in your code somewhere.

   BEFORE: temp=system(command)
    AFTER: temp=system_with_commas(command))

This alternate solution is not recommended. It is here for historical reasons.

Alternate Solution

Older Solution Requiring SSH access to the underlying server

Here is a shell script that can be used to get around the bug

#!/bin/bash

urldecode() {
    # urldecode <string>
    local url_encoded="${1//+/ }"
    printf '%b' "${url_encoded//%/\x}"
}

cmd=$(urldecode $1)
eval $cmd

Be sure to save it to /usr/bin/syscall.sh and chmod 755 /usr/bin/syscall.sh

To fix change any system calls to this...

   BEFORE: temp=system(command)
    AFTER: temp=system(^usr/bin/syscall.sh ^+postprep('/'+command))

Also I have reported the bug over here...

Comma bug Report

Comma bug with system() tag (Permalink)