Front page | perl.perl5.porters |
Postings from October 2011
On Thu Aug 04 07:09:35 2011, eda@waniasset.com wrote:
> I guess that although glob("$dirname/*") breaks for directory names
> containing whitespace, it also breaks for those that contain the * or
> { or } characters, which are equally possible at least on Unix.
The worst breakage is that a glob pattern with spaces gets backslash
escapes processed three times on Unix, so use this if you want to find
all files beginning with \ or . :
@files = <\\\\\\\\* .*>;
Fortunately, I’ve fixed that, so you only need four backslashes now.
How I wish <> had been implemented originally like a regexp literal!
>
> Perhaps there is a case for making glob taint-check its argument under
> -T? After all, the only truly safe way to use it is something like
>
> my $dirname = shift @ARGV;
> die "directory name '$dirname' contains bad chars, cannot glob"
> if $dirname =~ tr/*{} //;
> my @g = glob "$dirname/*";
>
> But who does that? What tutorial would teach it as a safe habit?
> Or should it be
>
> my $dirname = shift @ARGV;
> my $quoted = quotemeta $dirname;
> my @g = glob "$quoted/*";
>
> That seems dirty, and won't work under Windows, where glob() takes
> backslash as a directory separator.
Slash also works. From ext/File-Glob/bsd_glob.c:
#define BG_SEP '/'
#ifdef DOSISH
#define BG_SEP2 '\\'
#endif
Thread Previous
|
Thread Next