Mike Mestnik <cheako+debian-secur...@mikemestnik.net> writes:
> The link($1) can't contain a ", but a few others(I.E ') should be added
> to this list and use...
> open INPUT, "wget --user-agent=\"$user_agent\" -qO - \"$url\" |" or die;
> or
> open INPUT, "wget --user-agent='$user_agent' -qO - '$url' |" or die;
Using the three-or-more argument form of open is better:
open INPUT, "-|", "wget", "--user-agent=$user_agent", "-qO", "-", $url
or die;
This avoids using the shell (unless there's only one argument, see
perldoc -f open for that case). Even in this case one should make sure
that $url is sane and doesn't for example start with a dash like
options.
It's also possible to use (for example) LWP::UserAgent here.
Ansgar
--
To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/87k3slhpoy....@eisei.43-1.org
