Comment Re:It's been in bash a while. (Score 2) 318
Oh, and as an addendum, I consider anything that originates from the client, something that the user can generate.
i.e. untrusted input is untrusted input. People get far to specific about that kind of thing. If you're taking input from a client, and passing it to a system executable in some way, that's bad.