Do you know where your variables are? | |
PerlMonks |
comment on |
( [id://3333]=superdoc: print w/replies, xml ) | Need Help?? |
I stumbled upon B::Lint's magic-diamond documentation which states that <> (also known as <ARGV>) internally uses perl's two-argument open.
This means that if <> encounters a filename "rm * | " (just has to end with pipe "|" and optional whitespace), then it executes the shell command 'rm *'. Example:
Shouldn't this be fixed with 3-argument open? I really like the magic-diamond for quick one-liners, but this just sounds all the security/robustness alarm bells. Any recommended idioms to replace the following?
Update: An idiom would be to use ARGV::readonly Update 2: If you're like me and like to write lots of one-line filters like:
as an idiom, add the taint switch -T:
I don't fully agree with it, but it's the least we've got to curb the <ARGV> magic, besides ARGV::readonly, and not compromise the terseness of the one-liner. In reply to magic-diamond <> behavior -- WHAT?! by repellent
|
|