Beefy Boxes and Bandwidth Generously Provided by pair Networks
more useful options

Re^3: magic-diamond <> behavior -- WHAT?! (sanity)

by Anonymous Monk
on Oct 30, 2008 at 08:34 UTC ( #720419=note: print w/replies, xml ) Need Help??

in reply to Re^2: magic-diamond <> behavior -- WHAT?! (sanity)
in thread magic-diamond <> behavior -- WHAT?!

mistake or not, taint cures a lot of this
  • Comment on Re^3: magic-diamond <> behavior -- WHAT?! (sanity)

Replies are listed 'Best First'.
Re^4: magic-diamond <> behavior -- WHAT?! (sanity)
by ikegami (Pope) on Oct 30, 2008 at 09:09 UTC

    Not really. It prevents odd file names from being treated as shell commands, but it dos so by killing your program instead of treating them as the names of files to read as intended.

    It's like fixing a flat tire by removing the car's battery. Sure, you won't ruin your car by driving with a flat. But you also won't be driving your car.

      Its more like pulling over when you get nailed, then you get out, fix your tire.

        The program won't run with certain file names. <> just won't work with them. Are you suggesting that all scripts should reimplement <> to use 3-arg open? You're talking about extremely tricky code if you don't want to break -i.

Re^4: magic-diamond <> behavior -- WHAT?! (insanity)
by tye (Sage) on Oct 30, 2008 at 13:04 UTC

    No, taint checking is a dang stupid idea of a "fix". It doesn't actually fix anything and it makes lots of parts of your program bring everything to a screaching halt if you don't get a bunch of extra work done just right. And proposing it as a "fix" is a pretty clear demonstration of "you just don't get it at all".

    An actual fix that is also not breaking tons of other parts of your code is simply $_= "< $_" for @ARGV; (done everywhere that @ARGV gets sets for <> to be used, though).

    Now go fix just about every mention of <> in the documentation and hope that every person who ever uses <> non-hackishly jumps through your extra hoops and hope that the huge majority of them who won't (because it has been documented in dozens of places for decades that such hoops are not required) don't run into a truly evily-named file. And be happy that a few hackish programs don't require the slightest modification (even through a deprecation cycle) while every use of <> in the standard documentation is wrong.

    Oh, and have fun fixing the documentation for -i. That even more obviously puts the lie to "it was designed to work that way".

    - tye        

Log In?

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://720419]
[choroba]: The previous line tells it all.
[choroba]: "Out of memory!" - anything can happen afterwards
[Discipulus]: my father sometimes gives the same result.. good fellow

How do I use this? | Other CB clients
Other Users?
Others lurking in the Monastery: (6)
As of 2018-02-21 13:59 GMT
Find Nodes?
    Voting Booth?
    When it is dark outside I am happiest to see ...

    Results (280 votes). Check out past polls.