Skip to main content

Spaces in Filenames

The single most common cause of catastrophic failure in shell scripting is the assumption that filenames will not contain spaces.

If a user uploads a file named My Vacation Photo.jpg, and your automated script uses a for loop or standard xargs to process it, the script will interpret it as three separate files: My, Vacation, and Photo.jpg.

The Vulnerable Pattern (DO NOT USE)

# DANGEROUS
for file in $(find /uploads -type f -name "*.jpg"); do
    rm $file
done

If find outputs /uploads/My Vacation Photo.jpg, the rm command will execute three times:

  1. rm /uploads/My (Fails, or worse, deletes a file named My)
  2. rm Vacation
  3. rm Photo.jpg

Solution 1: print0 and xargs -0 (The Standard)

The most robust POSIX-compliant solution is to tell find to separate its output with a null byte (\0) instead of a newline. Because a null byte cannot legally exist within a filename, xargs can safely split the input.

# SAFE
find /uploads -type f -name "*.jpg" -print0 | xargs -0 rm

Solution 2: The Null-Delimited while read Loop

If you need to perform multiple actions on each file (not just a single command like rm), you cannot easily use xargs. Instead, use a null-delimited while read loop.

# SAFE FOR COMPLEX LOGIC
find /uploads -type f -name "*.jpg" -print0 | while IFS= read -r -d '' file; do
    echo "Processing $file..."
    # perform multiple operations safely
    convert "$file" -resize 800x600 "resized_$file"
    mv "$file" /uploads/archive/
done

Understanding the Loop:

  • IFS=: Clears the Internal Field Separator so leading/trailing spaces in the filename aren't stripped.
  • -r: Prevents read from interpreting backslashes as escape characters.
  • -d '': Tells read to delimit input by the null byte instead of the newline character.

Solution 3: Native -exec

The built-in -exec and -execdir actions are intrinsically safe against spaces. Because find passes the matched path directly to the system exec() call without invoking shell string splitting, you do not need to worry about spaces.

# SAFE
find /uploads -type f -name "*.jpg" -exec mv {} /uploads/archive/ \;

Verdict: If your logic fits into a single command, use -execdir. If you need a pipeline, use -print0 | xargs -0. If you need complex multi-line shell logic, use the null-delimited while loop.