From just a functionality standpoint, how is even the patched version supposed to work? It seems to undefine the variable:
% E='() { echo hi; }; echo cry' bash -c 'echo "-$E-"'
bash: warning: E: ignoring function definition attempt
bash: error importing function definition for `E'
--
Since everyone's favorite example seems to be CGI scripts, doesn't this result in the script having no variable, as opposed to just a text one? Suddenly the script can break because an expected variable is no longer present simply because the input had a certain odd looking form?
In fact, if I wanted my variable to be a function, why wouldn't I just explicitly eval it? What's the use case at all for this functionality?
In fact, if I wanted my variable to be a function, why wouldn't I just explicitly eval it? What's the use case at all for this functionality?