Re^2: Stop Using Perl pt. 2

in reply to Re: Stop Using Perl pt. 2
in thread Stop Using Perl pt. 2

Actually, by "hashes and arrays are considered secure", he meant that Perl developers do not consider hashes, arrays, or elements of either to be controlled by user input - not requiring sanitation.

By 'productive' I meant that he actually found some serious gotcha's rather than complaining about basic language features. Like, I had no idea about <$file> when $file is actually ARGV or whatever he went on about.

Comment on Re^2: Stop Using Perl pt. 2

Replies are listed 'Best First'.
Re^3: Stop Using Perl pt. 2 by Corion (Patriarch) on Dec 29, 2015 at 15:21 UTC
Even if you use the relatively safe three-argument version of open, you need to sanitize the user input. Ideally, you would never use user input to open a file or pass user input to an operating system function, which is where open basically ends up at. If you open files from user input and don't use three-argument open, you get what you deserve. This is documented in I/O Operators, but maybe not in such direct words.	[reply]

Replies are listed 'Best First'.

Re^3: Stop Using Perl pt. 2
by Corion (Patriarch) on Dec 29, 2015 at 15:21 UTC

Even if you use the relatively safe three-argument version of open, you need to sanitize the user input. Ideally, you would never use user input to open a file or pass user input to an operating system function, which is where open basically ends up at. If you open files from user input and don't use three-argument open, you get what you deserve. This is documented in I/O Operators, but maybe not in such direct words.

[reply]

In Section Meditations