问题描述
当我的PowerShell脚本运行时,它会提示用户输入密码参数.该密码可以包含任意数量的特殊字符,例如* \〜;(%?.:@/该密码然后用作.exe命令的参数,但由于某些特殊字符无法正确转义,因此通常不正确.
When my PowerShell script runs, it prompts the user for a password parameter. That password can contain any number of special characters like *\~;(%?.:@/That password is then used as a parameter for a .exe command, but it is often incorrect due to some special characters not being escaped properly.
一个过去的密码示例是$(?-.?-(.我唯一需要转义的字符是'(',为了使它可以工作,我将其替换为'`('.但是,该密码现已过期.新密码类似于* \〜;〜(%?.:: @/*注意:这些密码中也混有随机数字和字母,但已被修改.
An example past password was $(?-.?-(. The only characters I needed to escape was '(', which I replaced with '`(' to make it work. However, that password is now expired. The new password is something like *\~;~(%?.:@/*NOTE: these passwords have random numbers and letters mixed into them as well, but have been redacted.
新密码中唯一没有出现的字符是* \〜;%:@/有没有一种简单的方法可以转义所有字符并按原样接受任何用户输入?如果没有,有人会帮我摆脱这些特殊字符吗?
The only characters in the new password NOT in the first are *\~;%:@/Is there an easy way to escape all characters and just take any user input as it is? If not, would someone mind helping me escape these special characters?
param (
[Parameter(Mandatory=$true)][string]$password
)
上面的代码作为脚本的开头,导致控制台提示用户输入.
The above code prefaces the script, causing the console to prompt for user input.
Invoke-Expression -Command "<path_to_exe> -install $user $password"
^这是使用该密码参数的命令
^this is the command that uses that password parameter
我在Stack Overflow,Reddit和其他各种编码论坛/博客上尝试了许多其他建议,但都没有奏效.任何帮助深表感谢!
I have tried many other suggestions on Stack Overflow, Reddit, and other various coding forums/blogs and none have worked. Any help is much appreciated!
推荐答案
您正在使用Invoke-Expression调用外部程序:
You're using Invoke-Expression to call an external program:
-
没有没有理由这样做,并且
Invoke-Expression通常应避免:它会引起引用头痛(如您的情况),但更重要的是,它可以存在安全风险,通常会有更好的解决方案.
There's no reason to do that, and
Invoke-Expressionshould generally be avoided: it causes quoting headaches (as in your case), but, more importantly, it can be a security risk and there are typically better solutions.
- 顺便说一句:不幸的是,即使直接调用,在空字符串参数和带有 embedded
"字符的参数周围也可能存在引用挑战. -请参见脚注[1]和此答案.
- As an aside: Unfortunately, even with direct invocation there can be quoting challenges around empty-string arguments and arguments with embedded
"chars. - see footnote [1] and this answer.
如果您改为直接调用外部程序 -包括PowerShell在内的任何外壳程序都可以这样做-您的问题很可能会消失:
& <path_to_exe> -install $user $password
注意:&,PowerShell的呼叫运算符,仅当可执行文件的路径用引号(例如,"C:\Program Files\foo.exe")和/或通过变量引用(例如,$HOME\foo.exe)指定时才需要);否则,您可以按原样调用可执行文件(例如,要调用cmd.exe,请使用
cmd /c 'echo hi'之类的东西).
Note: &, PowerShell's call operator, is only needed if your executable's path is quoted (e.g, "C:\Program Files\foo.exe") and/or is specified via a variable reference (e.g., $HOME\foo.exe); otherwise, you can invoke the executable as-is (e.g., to invoke cmd.exe, use something like cmd /c 'echo hi').
另外,如果您发现自己需要转义字符集 中的任何字符,请使用-replace和 字符类 ,[...] :
Separately, if you do ever find yourself needing to escape any of the characters in a set of characters, use -replace with a character class, [...]:
注意:对于向内部程序(如上所示)或PowerShell命令传递参数的传递,不是必需的;但是,由于PowerShell对传递给外部程序的参数值中嵌入的"字符的处理不当,您可能必须转义"字符(仅),如\" .
Note: This is not necessary for passing arguments, neither to external programs, as shown above, nor to PowerShell commands; however, due to PowerShell's broken handling of " characters embedded in argument values passed to external programs, you may have to escape " characters (only), as \".
PS> 'a*b\c~d;e(f%g?h.i:j@k/l' -replace '[*\\~;(%?.:@/]', '`$&'
a`*b`\c`~d`;e`(f`%g`?h`.i`:j`@k`/l # all chars. inside [...] were `-escaped
有关-replace运算符的更多信息,请参见此答案.
For more information about the -replace operator, see this answer.
这篇关于如何在PowerShell中转义特殊字符?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!