/* * This needs to escape any dangerous characters within the command line * to prevent gaining access to the underlying system shell. */ char *lub_string_encode(const char *string, const char *escape_chars) { char *result = NULL; const char *p; if (!escape_chars) return lub_string_dup(string); if (string && !(*string)) /* Empty string */ return lub_string_dup(string); for (p = string; p && *p; p++) { /* find any special characters and prefix them with '\' */ size_t len = strcspn(p, escape_chars); lub_string_catn(&result, p, len); p += len; if (*p) { lub_string_catn(&result, "\\", 1); lub_string_catn(&result, p, 1); } else { break; } } return result; }
/*--------------------------------------------------------- */ void lub_string_cat(char **string, const char *text) { size_t len = text ? strlen(text) : 0; lub_string_catn(string, text, len); }