INPUT fails if the entered text contains pair of square brackets

sst

Aug 3, 2009
8
0
INPUT or SET /P fails if the entered text contains pair of square brackets.

Code:
[C:\]INPUT Enter text:  %%myvar
Enter text: Sample text [ to fail input ]
TCC: Not an array variable "myvar"

[C:\]
The documentation does not mention anything about this behavior so Its not clear to me if it is intentional or not.
The QUERYBOX command does not pose this limitation/behavior.

So is there any way to get such an input from stdin?
 

sst

Aug 3, 2009
8
0
In the meantime, I resorted to using this little snippet as a workaround for this limitation.
This may be useful to others who may use earlier versions of TCC which which may be affected by this bug.

It also has the advantage(for me) that the input history is available with CMD's SET /P, whereas TCC does not provide this functionality with SET /P and INPUT (or maybe I don't know how to activate it).

Code:
setlocal
    setdos /x0-45678
    unset userInput
    set "savedTitle=%_WINTITLE"
    (echos Prompt text goes here)
    setdos /x+5678
    REM The CMD's title command outputs the help message if the title matches this regex pattern "/\s*[?]"
    REM So it should be redirected to nul to be safe
    for /F "delims=" %%I in ('@"%_WINSYSDIR\cmd" /e:on /v:on /d /c title !savedTitle!^^^>nul^^^&set /p "userInput="^^^&if defined userInput echo(!userInput!') do (
        setdos /x-5678
        set "userInput=%%I"
    )
endlocal userInput

SideNote:
I had to omit the .exe extension from cmd because apparently the forum software does permit the post to contain cmd.exe. This does not occur with other names like TCC.exe. Strange!
 
Last edited:
May 20, 2008
10,564
78
Syracuse, NY, USA
And while it doesn't object to TCC.EXE, it does have a problem with TCMD‍.EXE ....
That's because it has a naughty substring. Charles, why did you choose character 8205 (0x200D) and how did you get it into your post? [Character 8205 is between the 'D' and the '.' in my quote from Charles's post.]

It might be done for a very simple reason ... security. I'm confident you could do some damage if you talked a user into executing the right CMD command line copied from the forum. And if it is done for the sake of security, it's pretty lame!
 

Charles Dye

Super Moderator
Staff member
May 20, 2008
4,201
72
Albuquerque, NM
prospero.unm.edu
That's because it has a naughty substring. Charles, why did you choose character 8205 (0x200D) and how did you get it into your post? [Character 8205 is between the 'D' and the '.' in my quote from Charles's post.]
That's the zero-width joiner. Just a character which people can't see, but is sufficient to fool the filter. There are other Unicode characters which would work just as well.

As for how, I have a command COPYCHARS that lets me stick arbitrary characters on the clipboard: copychars "CMD" zwj; ".EXE"
But you can do the same trick with CharMap.
 
Last edited:
Thread starter Similar threads Forum Replies Date
Joe Caverly Support 3
Joe Caverly Support 3
T Support 2
T Support 5
WinLanEm Support 1