Forum OpenACS Development: Response to eval, apply (lack of) safety

Posted by Michael A. Cleverly on
Your shallow_eval is the same as saying:
eval [list command ?args ...?]
which is what the ACS does on user-supplied input.

Example in tclsh:

% set cmd {[df]}
[df]
% eval puts $cmd
Filesystem           1k-blocks      Used Available Use% Mounted on
/dev/sda1               132207     51228     74153  41% /
...
% shallow_eval puts $cmd
[df]
% eval [list puts $cmd]
[df]
I have grepped the ACS 4.1 sources and can't find an instance where eval is used on user-supplied input without using eval [list ...]. (Which isn't to say there isn't one or more such cases lurking, just that I haven't found one yet. Have you seen any?)
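The contrast from the tclsh session above, as an added example that is not part of the original post or of the ACS sources: it runs the unsafe `eval cmd $input` and the safe `eval [list cmd $input]` side by side over several input shapes (command substitution, variable substitution, whitespace, a semicolon, an empty string), not just `[df]`. The procs `shout` and `demo` and the variable `::secret` are constructed for the demo; it assumes Tcl 8.5 or later for `lassign`.

```tcl
# Added example, not from the original post or the ACS code base (Tcl 8.5+).
proc shout {args} {
    # Echoes its argument list so we can see exactly what eval passed in.
    return $args
}

proc demo {input} {
    # Unsafe: eval re-parses the concatenated string, so [ ], $ and ; are
    # interpreted and whitespace splits the value into several arguments.
    if {[catch {eval shout $input} unsafe]} {
        set unsafe "ERROR: $unsafe"
    }
    # Safe: list quotes the value first, so it arrives as one literal argument.
    set safe [eval [list shout $input]]
    return [list $unsafe $safe]
}

# Constructed stand-in for application state that user input must not reach.
set ::secret "constructed-secret-value"

# Constructed inputs covering the substitution and word-splitting cases.
set inputs [list {[string length abc]} {$::secret} {two words} {a;b} {}]
foreach input $inputs {
    lassign [demo $input] unsafe safe
    puts [format "%-22s unsafe=%-26s safe=%s" $input $unsafe $safe]
}
```

Only the safe column reproduces the input verbatim; the unsafe column shows the substituted, split, or errored result of re-parsing it.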