I have a script that can be called by untrusted users, we need to make a call along the lines of this made up example:
system 'somescript ' + data
We need to ensure if data == 'filename; dosomethingelse'
then the ; is escaped (or any other special character. The result is the shell command run is actually somescript filename\;\ dosomethingelse
or somescript "filename; dosomethingelse"
Is there a standard way to do this?