Beefy Boxes and Bandwidth Generously Provided by pair Networks
Pathologically Eclectic Rubbish Lister

Re^2: Stop Using Perl pt. 2

by sushi (Initiate)
on Dec 29, 2015 at 14:21 UTC ( #1151359=note: print w/replies, xml ) Need Help??

in reply to Re: Stop Using Perl pt. 2
in thread Stop Using Perl pt. 2

Actually, by "hashes and arrays are considered secure", he meant that Perl developers do not consider hashes, arrays, or elements of either to be controlled by user input - not requiring sanitation.

By 'productive' I meant that he actually found some serious gotcha's rather than complaining about basic language features. Like, I had no idea about <$file> when $file is actually ARGV or whatever he went on about.

Replies are listed 'Best First'.
Re^3: Stop Using Perl pt. 2
by Corion (Pope) on Dec 29, 2015 at 15:21 UTC

    Even if you use the relatively safe three-argument version of open, you need to sanitize the user input. Ideally, you would never use user input to open a file or pass user input to an operating system function, which is where open basically ends up at. If you open files from user input and don't use three-argument open, you get what you deserve. This is documented in I/O Operators, but maybe not in such direct words.

Log In?

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://1151359]
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others surveying the Monastery: (5)
As of 2020-08-13 19:40 GMT
Find Nodes?
    Voting Booth?
    Which rocket would you take to Mars?

    Results (75 votes). Check out past polls.