|XP is just a number|
magic-diamond <> behavior -- WHAT?!by repellent (Priest)
|on Oct 29, 2008 at 21:50 UTC||Need Help??|
repellent has asked for the
wisdom of the Perl Monks concerning the following question:
I stumbled upon B::Lint's magic-diamond documentation which states that <> (also known as <ARGV>) internally uses perl's two-argument open.
This means that if <> encounters a filename "rm * | " (just has to end with pipe "|" and optional whitespace), then it executes the shell command 'rm *'. Example:
Shouldn't this be fixed with 3-argument open? I really like the magic-diamond for quick one-liners, but this just sounds all the security/robustness alarm bells.
Any recommended idioms to replace the following?
Update: An idiom would be to use ARGV::readonly
Update 2: If you're like me and like to write lots of one-line filters like:
as an idiom, add the taint switch -T:
I don't fully agree with it, but it's the least we've got to curb the <ARGV> magic, besides ARGV::readonly, and not compromise the terseness of the one-liner.