Re: Enable compgen even when programmable completions are not available?

[Chet Ramey]

On 6/26/23 8:07 AM, Martin D Kealey wrote:
> hmm, declare -p used to print an array like
> ˋˋˋ
> declare -a array='([0]="value" [1]="value")'
> ˋˋˋ
> At some stage declare -p stopped printing the extra outer quotes, so that
> my approach also stops working.

Back in bash-4.4.

There was a huge discussion on bug-bash back in 2014 about it.

https://lists.gnu.org/archive/html/bug-bash/2014-12/msg00028.html

Since declare is a declaration utility, the parser gets involved when it
recognizes that `declare' is used as a simple command name, so it can
parse the non-option arguments as potential assignment statements. This
includes array subscript assignment and compound array assignment, as
long as the parser can recognize them as assignment statements and mark
the words appropriately.

This means that quoted arguments are not recognized as compound
assignments, which has positive security implications when using untrusted
input. If you want to parse the output of `declare -p' as shell input,
you can't have the quotes there (and don't need them).

This (late 2014) was right after shellshock, so security was a significant
area of scrutiny.

Chet
--
``The lyf so short, the craft so long to lerne.'' - Chaucer
                 ``Ars longa, vita brevis'' - Hippocrates
Chet Ramey, UTech, CWRU    chet@case.edu    http://tiswww.cwru.edu/~chet/