* cmdproxy.c (try_dequote_cmdline): Notice variable substitutions in

quoted strings and bail out.

diff --git a/nt/ChangeLog b/nt/ChangeLog
index 57816b3511ae84680631ea1a4fb635d18eff307e..05fccf1c713f6cd526b0ea6d8adf5e59cb48ee93 100644 (file)
--- a/nt/ChangeLog
+++ b/nt/ChangeLog
@@ -1,3 +1,8 @@
+2011-04-27  Daniel Colascione  <dan.colascione@gmail.com>
+
+       * cmdproxy.c (try_dequote_cmdline): Notice variable substitutions
+       inside quotation marks and bail out.
+
 2011-04-26  Daniel Colascione <dan.colascione@gmail.com>
 
        * cmdproxy.c (try_dequote_cmdline): New function.

diff --git a/nt/cmdproxy.c b/nt/cmdproxy.c
index fe128fd17c4ff8ec2dc5e2ace659de8b6dd54c09..8c39694deccc87b4964ed36f679e17f6b98b2b17 100644 (file)
--- a/nt/cmdproxy.c
+++ b/nt/cmdproxy.c
@@ -362,10 +362,20 @@ try_dequote_cmdline (char* cmdline)
           state = NORMAL;
           break;
         case INSIDE_QUOTE:
-          *new_pos++ = c;
-          if (c == '"')
-            state = NORMAL;
-          
+          switch (c)
+            {
+            case '"':
+              *new_pos++ = c;
+              state = NORMAL;
+              break;
+            case '%':
+            case '!':
+              /* Variable substitution inside quote.  Bail out.  */
+              return 0;
+            default:
+              *new_pos++ = c;
+              break;
+            }
           break;
         }
     }