Harry Putnam wrote:
Philip Potter <philip.g.pot...@gmail.com> writes:
The three argument form:
open my $fh, '<', 'rm -rf ~ |' or die "could not open rm -rf ~ |: $!";
doesn't have this problem. It will try to open a file with quite a
funny name, but because the mode is chosen my the second argument and
not by a user-supplied string, the user can't execute arbitrary code
Still a bit confused here.
That's because they are using the pipe symbol (ASCII 7C) as part of a
file name. You should not do this in real life. Also, never name a
file 'rm' ;)
If you want an open with a pipe char for actual piping then the 2 arg
is good?
You can use the 3-argument open for pipes:
open my $ls_fh, '-|', 'ls' or die "could not open ls pipe: $!\n";
But if so then all the problems discussed here come into play again.
It seems like the redirect operator inclusion is what makes the open
safer.
So is this a 3 or 2 arg open:
my $file = './file';
open(my $fh,"<$file")or die "Can't open $file: $!";
That's a 2-argument open; the 3-argument one looks like:
open my $fh, '<', $file or die "could not open $file: $!\n";
See:
perldoc perlopentut http://perldoc.perl.org/perlopentut.html
perldoc -f open http://perldoc.perl.org/functions/open.html
--
Just my 0.00000002 million dollars worth,
Shawn
Programming is as much about organization and communication
as it is about coding.
I like Perl; it's the only language where you can bless your
thingy.
Eliminate software piracy: use only FLOSS.
--
To unsubscribe, e-mail: beginners-unsubscr...@perl.org
For additional commands, e-mail: beginners-h...@perl.org
http://learn.perl.org/
