On Mon, 06 Jul 2009, Bill Luebkert wrote:
>  Serguei Trouchelle wrote:
> > Bill Luebkert wrote:
> >
> >> I totally disagree - I see nothing wrong with using the 2 arg form
> >> and have always and will continue to use it. I find the 3 arg form
> >> to be the more ugly of the two
> >
> > Can't say about "uglier" thing -- it's in the eye of the beholder,
> > but using one parameter for two different things is just illogical.
> 
>  Well, then there's plenty of illogical stuff in Perl. ;)
> 
>  The open is tailored after shell syntax - I suppose you'd have a
>  problem there too what with the piping and redirection etc.

The "real" problem is that while(<> ) is using the 2-arg form of
open(), so specially crafted filenames ending with a '|' can
executed arbitrary commands when you run `perl myscript *`.  This
is only an issue on Unix as the pipe symbol is not a valid filename
character on Windows.

There is nothing you can do about it though, but not use while(<> )
if you cannot trust the filenames in your directory.  But then you
are in a bad spot already if you cannot trust your local files...

Cheers,
-Jan


_______________________________________________
ActivePerl mailing list
ActivePerl@[...].com
To unsubscribe: http://listserv.ActiveState.com/mailman/mysubs