# HG changeset patch
# User Bruno Haible <bruno@clisp.org>
# Date 1229427145 -3600
# Node ID 8985a457ead71ffbf3097047d7afd6ac60bf0f6d
# Parent  728584283d127a6f539aa74d1cb3a2171b27e6db
Fix security problem in test-parse-duration.sh.

diff --git a/ChangeLog b/ChangeLog
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+2008-12-16  Bruno Haible  <bruno@clisp.org>
+
+	* tests/test-parse-duration.sh: Fix quoting of $tmp and $tmpf
+	expressions.
+
 2008-12-15  Bruno Haible  <bruno@clisp.org>
 
 	* doc/glibc-functions/fgetxattr.texi: Tweak wording.
diff --git a/tests/test-parse-duration.sh b/tests/test-parse-duration.sh
--- a/tests/test-parse-duration.sh
+++ b/tests/test-parse-duration.sh
@@ -46,10 +46,10 @@
 }
 
 func_tmpdir
-trap "rm -rf ${tmp}" EXIT
-tmpf=${tmp}/tests.txt
+trap 'rm -rf "${tmp}"' EXIT
+tmpf="${tmp}/tests.txt"
 
-cat > ${tmpf} <<- _EOF_
+cat > "${tmpf}" <<- _EOF_
 	1 Y 2 M 3 W 4 d 5 h 6 m 7 s
 	P 00010225 T 05:06:07
 	P 1Y2M3W4D T 5H6M7S
@@ -59,9 +59,9 @@
 	P 1-2-25 T 5:6:7
 	_EOF_
 
-ls -l $tmpf
+ls -l "${tmpf}"
 
-exec 3< ${tmpf}
+exec 3< "${tmpf}"
 while read -u3 line
 do
     v=`${exe} "${line}"` || die "Failed: ${exe} '${line}'"