如何转义任意字符串在Windows中作为命令行参数使用? [英] How can I escape an arbitrary string for use as a command line argument in Windows?
问题描述
我有一个字符串列表,我想在一个Windows命令行调用传递这些字符串作为参数。对于简单的字母数字字符串,只需将它们逐字传递即可:
script.pl foo bar baz yes no
foo
bar
baz
是
无
我理解,如果一个参数包含空格或双引号,我需要反斜杠转义双引号和反斜杠,然后双引号的参数。
> script.pl foo bar baz\yes \\\\no\
foo
bar
baz
yes\ no
但是当我尝试传递带有字面百分比符号的参数时, p>
> script.pl%PATH%
C:\Program
Files\PHP\; C:\spaceless\perl\bin\; C:\Program
文件\IBM\Java60\bin;
(... etc。)
双引号无效:
> script.pl%PATH%
C:\Program Files\PHP\; C:\spaceless\perl\bin\; C:\Program Files\IBM\Java60 \bin; (...等等)
也不是反斜杠转义(注意反斜杠在输出):
> script.pl \%PATH\%
\%PATH\%
此外,反斜杠转义反斜杠的规则不一致:
> script.pl\\yes\\
\\yes\
> script.pl\yes\\
\yes\
> script.pl\yes\
\yes
在Windows命令行shell中有特殊字符,非常类似于所有shell。那么,什么是安全地转义任意命令行参数以在Windows命令行中使用的一般程序? / p>
理想的答案将描述一个函数 escape(),可以用于下面的情况):
$ cmd = join,map {escape($ _);} @args;
这里是一些更多的示例字符串,应该由这个函数安全地转义(我知道其中一些看起来像Unix,故意):
是
否
child.exe
参数1
Hello,world
Helloworld
\some\path with\spaces
C:\Program Files \
她说,你有我在hello
参数2
\some\directory with\spaces\
\
\\
\\ \
\\\\
\\\\\
\
\T
\ \T
!1
!A
!\ /'
Jeff's!
$ PATH
%PATH%
&
<> |& ^
()%!^<& |
> \\.\ nul
恶意参数 & whoami
* @ $$ A $ @#?-_
这里是一个msdn博客文章显示如何。但是,它假定每个命令行程序都内部使用 CommandLineToArgvW 解析它的命令行(不是一个破旧的假设,因为它是Shell32库的一部分)。
I have a list of strings and I want to pass those strings as arguments in a single Windows command line call. For simple alphanumeric strings it suffices to just pass them verbatim:
> script.pl foo bar baz yes no
foo
bar
baz
yes
no
I understand that if an argument contains spaces or double-quotes, I need to backslash-escape the double-quotes and backslashes, and then double-quote the argument.
> script.pl foo bar baz "\"yes\"\\\"no\""
foo
bar
baz
"yes"\"no"
But when I try to pass an argument with literal percent signs, this happens:
> script.pl %PATH%
C:\Program
Files\PHP\;C:\spaceless\perl\bin\;C:\Program
Files\IBM\Java60\bin;
(...etc.)
Double quoting doesn't work:
> script.pl "%PATH%"
C:\Program Files\PHP\;C:\spaceless\perl\bin\;C:\Program Files\IBM\Java60\bin; (...etc.)
Nor does backslash-escaping (notice how the backslashes are present in the output):
> script.pl \%PATH\%
\%PATH\%
Also, the rules are inconsistent for backslash-escaping backslashes:
> script.pl "\\yes\\"
\\yes\
> script.pl "\yes\\"
\yes\
> script.pl "\yes\"
\yes"
Also, doubtless there are special characters in the Windows command line shell, much like there are in all shells. What, then, is the general procedure for safely escaping arbitrary command line arguments for use at the Windows command line?
The ideal answer will describe a function escape() which can be used in situations like the following (a Perl example):
$cmd = join " ", map { escape($_); } @args;
Here are some more example strings which should be safely escaped by this function (I know some of these look Unix-like, that's deliberate):
yes
no
child.exe
argument 1
Hello, world
Hello"world
\some\path with\spaces
C:\Program Files\
she said, "you had me at hello"
argument"2
\some\directory with\spaces\
"
\
\\
\\\
\\\\
\\\\\
"\
"\T
"\\T
!1
!A
"!\/'"
"Jeff's!"
$PATH
%PATH%
&
<>|&^
()%!^"<>&|
>\\.\nul
malicious argument"&whoami
*@$$A$@#?-_
Here is an msdn blogpost showing how. It however assumes that every command line program internally uses CommandLineToArgvW to parse it's command line (not a shabby assumption, since it's part of the Shell32 library).
这篇关于如何转义任意字符串在Windows中作为命令行参数使用?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
