Thursday January 7th, 2016 Terry Riegel
Comma bug with system() tag
Here is some code to test/demonstrate the bug
Updated with a better solution
I have included a page that will demonstrate the bug, and also offer a workaround. The workaround is system specific, it assumes Linux as the underlying platform and also assumes the system folder is set and set to /.
The idea of the workaround it to postprep() the command, send it, unpostprep it, and finally execute it. See: this page for the unpostprep part of the solution.
The Workaround
function system_with_commas(cmd) do
  return system(^bin/echo ^+postprep(cmd)+^ | sed "s@+@ @g;s@%@\\\\x@g" | xargs -0 printf "%b" | /bin/bash^) /return
/function
Demonstrate the Problem
<<
 function system_with_commas(cmd) do
  return system(^bin/echo ^+postprep(cmd)+^ | sed "s@+@ @g;s@%@\\\\x@g" | xargs -0 printf "%b" | /bin/bash^) /return
 /function
>>
<html>
 <head>
  <title>Comma Bug</title>
 </head>
 <body>
  <h1>System tag Comma Bug</h1>
  <p>When submitting a command using the system tag it seems to be eating commas from the input. On this installation the system folder is /.
  <hr>
  <pre><<system('bin/echo -n "Hello,1,2,3,4, World"')>></pre>
  <hr>
  <pre><<system('bin/echo -n "Hello,1,2,3,4, World"')>></pre>
  <hr>
  <p>Typing the same command from the command line yields the following...
  <hr>
  <pre>Hello,1,2,3,4, World</pre>
  <hr>
  <h2>Is the bug fixed?</h2>
  NATIVE:<br><<system('bin/echo -n "Hello,1,2,3,4, World"')>>
  <hr>
  SYSCALL.SH:<br><<system(^usr/bin/syscall.sh ^+postprep('/bin/echo -n "Hello,1,2,3,4, World"'))>>
  <hr>
  WITH_COMMAS:<br><<system_with_commas('/bin/echo -n "Hello,1,2,3,4, World"')>>
 </body>
</html>
To fix change any system calls to this...
Be sure to include the function at the top of the example in your code somewhere.
   BEFORE: temp=system(command)
    AFTER: temp=system_with_commas(command))
This alternate solution is not recommended. It is here for historical reasons.
Alternate Solution
Older Solution Requiring SSH access to the underlying server
Here is a shell script that can be used to get around the bug
#!/bin/bash
urldecode() {
    # urldecode <string>
    local url_encoded="${1//+/ }"
    printf '%b' "${url_encoded//%/\x}"
}
cmd=$(urldecode $1)
eval $cmd
Be sure to save it to /usr/bin/syscall.sh and chmod 755 /usr/bin/syscall.sh
To fix change any system calls to this...
   BEFORE: temp=system(command)
    AFTER: temp=system(^usr/bin/syscall.sh ^+postprep('/'+command))
Also I have reported the bug over here...
 

