On Mon, 06 Jul 2009, Bill Luebkert wrote: > Serguei Trouchelle wrote: >> Bill Luebkert wrote: >> >>> I totally disagree - I see nothing wrong with using the 2 arg form >>> and have always and will continue to use it. I find the 3 arg form >>> to be the more ugly of the two >> >> Can't say about "uglier" thing -- it's in the eye of the beholder, >> but using one parameter for two different things is just illogical. > > Well, then there's plenty of illogical stuff in Perl. ;) > > The open is tailored after shell syntax - I suppose you'd have a > problem there too what with the piping and redirection etc.
The "real" problem is that while(<>) is using the 2-arg form of open(), so specially crafted filenames ending with a '|' can executed arbitrary commands when you run `perl myscript *`. This is only an issue on Unix as the pipe symbol is not a valid filename character on Windows. There is nothing you can do about it though, but not use while(<>) if you cannot trust the filenames in your directory. But then you are in a bad spot already if you cannot trust your local files... Cheers, -Jan _______________________________________________ ActivePerl mailing list [email protected] To unsubscribe: http://listserv.ActiveState.com/mailman/mysubs
