Cocoa 运行已经包含双引号的 AppleScript [英] Cocoa run AppleScript that already contains double quotes
问题描述
我有一个需要管理员权限才能执行 cmd 的 Cocoa 应用程序,但在某些极端情况下,例如包含双引号的文件名,此代码不起作用.
I have a Cocoa application that need admin permission to execute a cmd, but in some extreme case like filename containing double quote, this code does not work.
NSString *fileName = @"~/Documents/My\" File/";
NSString *cmd = [NSString stringWithFormat:@"chown -R '%@' '%@';NSUserName(), fileName];
NSString *cmd_execute = [NSString stringWithFormat:@"do shell script
\"%@\" with administrator privileges",cmd_execute];
//This line is the problem, our %@ contains double quote, so cocoa
//cannot interpret correctly.
推荐答案
以下是使用 NSAppleScript 将参数传递给 AppleScript 处理程序的正确方式:
Here is the correct way to pass arguments into an AppleScript handler using NSAppleScript:
// load/compile AppleScript
NSAppleScript *scpt = [[NSAppleScript alloc] initWithSource:
@"on joinText(a, b)\n"
@" return a & b\n"
@"end addTo"];
NSString *arg1 = @"Hello ";
NSString *arg2 = @"World!";
// pack positional parameters
NSAppleEventDescriptor *params = [NSAppleEventDescriptor listDescriptor];
[params insertDescriptor: [NSAppleEventDescriptor descriptorWithString: arg1] atIndex: 1];
[params insertDescriptor: [NSAppleEventDescriptor descriptorWithString: arg2] atIndex: 2];
// build Apple event to invoke user-defined handler in script
NSAppleEventDescriptor *eventDesc = [NSAppleEventDescriptor appleEventWithEventClass: 'ascr'
eventID: 'psbr'
targetDescriptor: [NSAppleEventDescriptor nullDescriptor]
returnID: 0
transactionID: 0];
[eventDesc setDescriptor: params forKeyword: '----'];
[eventDesc setDescriptor: [NSAppleEventDescriptor descriptorWithString: @"joinText"] forKeyword: 'snam'];
// invoke handler
NSDictionary *errorInfo = nil;
NSAppleEventDescriptor *resultDesc = [scpt executeAppleEvent: eventDesc error: &errorInfo];
if (resultDesc)
NSLog(@"Result: %@\n", [resultDesc stringValue]);
else
NSLog(@"Error: %@\n", errorInfo);
这避免了动态修改和编译 AS 脚本的需要——正如您的原始 ObjC 代码所展示的那样,这是一个很好的机会,可以将错误和安全漏洞引入您的程序,因为清理不充分.
This avoids the need to munge and compile AS scripts on the fly - which, as your original ObjC code demonstrates, is a rich opportunity to introduce bugs and security holes into your program due to inadequate sanitization.
...
这是在 AppleScript 中组装 shell 脚本字符串的正确方法:
And here is the correct way to assemble shell script strings in AppleScript:
do shell script ("chown -R " & quoted form of username & " " & quoted form of filepath)
AppleScript 的 do shell script 命令没有提供传递参数的安全机制(它在很多其他方面也有缺陷),但是 AS 字符串有一个 引用形式 属性至少返回适合连接到 shell 脚本字符串的文本的引用和转义版本.
AppleScript's do shell script command doesn't provide a safe mechanism for passing arguments (it's deficient in a lot of other ways too), but AS strings have a quoted form property that at least returns a quoted and escaped version of the text suitable for concatenating into a shell script string.
...
当然,通过 do shell script AppleScript 调用 shell 只是为了运行具有升级权限的 chmod 本身并不是一点点hacky,尽管这主要是 Apple 的错没有为此提供简单官方 API(例如,通过向 NSUserScriptTask 添加以管理员权限运行"选项).
Of course, calling into shell via do shell script AppleScript just to run chmod with escalated priveleges is not a little hacky in itself, though this is mostly Apple's fault for not providing a simple official API for doing so (e.g. by adding a 'run with admin privileges' option to NSUserScriptTask).
Apple 确实提供了一个示例项目,SMJobBless 展示了如何添加和使用服务管理框架运行特权进程并启动.但这是一个足够复杂的解决方案,很多人会(有意或无意地)偷工减料或完全做错事,这与提供一种安全的做事方式的初衷背道而驰.但您需要与 Apple 协商.
Apple do provide a sample project, SMJobBless that shows how to add and run privileged processes using the Service Management framework and launchd. But it's a sufficiently complex solution that a lot of folks will (knowingly or unknowingly) cut corners or do the wrong thing entirely, which rather defeats the point of providing a secure way of doing things in the first place. But you'll need to take that up with Apple.
这篇关于Cocoa 运行已经包含双引号的 AppleScript的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
