perl.perl5.porters | Postings from July 2008

Re: Alarums and Excursions (was [perl #2783] Security of ARGV using 2-argument open)

From: Ed Avis
Date: July 28, 2008 00:22
Subject: Re: Alarums and Excursions (was [perl #2783] Security of ARGV using 2-argument open)
Message ID: loom.20080728T071023-264@post.gmane.org

Tom Christiansen <tchrist <at> perl.com> writes:

>But I firmly
>believe that programmers who'd rather write, or see written, this
>sort of sequence:

[long tedious code of processing ARGV by hand]

>instead of just 
> 
>    while (<>) {
>        next if /^=for\s+(index|later)/;
>        $chars += length;
>        $words += split;
>        $lines += y/\n//;
>    }

>are few and far between.

Indeed.  I would much rather write while (<>).  At the moment I can't, at least
not unless I add a 'notes and gotchas' section to my program's manual page
noting that it will open the wrong file if a filename has trailing spaces,
overwrite some random other file if a filename begins with >, and start running
arbitrary external commands if a filename begins or ends |.

(See earlier discussion for why I and others believe this is a real problem and
not just being pedantic.)

I love the idea of the <> shortcut.  Done safely, it could and should be one of
perl's strengths.  That is why I am concerned to make it usable without a list
of obscure corner cases where it does something wrong and potentially dangerous.

As you say, easy things should be easy.  Surely reading lines from the files on
the command line (safely, no ifs, no buts) is one of those easy things.  At the
moment it's not, because the programmer has to write that long code example you
gave.  Let's make it easy.

-- 
Ed Avis
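
The following is an added example, not part of the original message or the thread's code: a by-hand loop that opens each named file with three-argument open, so that names with a trailing space, a leading `>`, or a leading or trailing `|` are only ever treated as paths. The helper names `magic_open_risk` and `count_lines_safely` and all file names are constructed for illustration.

```perl
use strict;
use warnings;
use File::Temp qw(tempdir);

# Reason two-argument open (the open behind <>) would not treat $name as a
# plain path, limited to the cases named in the message; undef if none apply.
sub magic_open_risk {
    my ($name) = @_;
    return 'begins with >: opened for writing'                if $name =~ /^>/;
    return 'begins or ends with |: run as a command'          if $name =~ /^\||\|$/;
    return 'trailing space: stripped, another file is opened' if $name =~ /\s$/;
    return;
}

# Count lines in each named file; the name is never interpreted as a mode.
sub count_lines_safely {
    my (@files) = @_;
    my $lines = 0;
    for my $file (@files) {
        # Three-argument open: mode fixed to '<', $file is only ever a path.
        open(my $fh, '<', $file)
            or do { warn "Can't open '$file': $!\n"; next };
        while (my $line = <$fh>) { $lines++ }
        close $fh;
    }
    return $lines;
}

# Constructed sample: two awkwardly named files in a scratch directory.
my $dir = tempdir(CLEANUP => 1);
my %content = ("$dir/data.txt " => "a\nb\n", "$dir/>report" => "c\n");
for my $path (keys %content) {
    open(my $out, '>', $path) or die "Can't create '$path': $!";
    print {$out} $content{$path};
    close $out;
}

# Constructed argument list, classified as a user might have typed it.
for my $arg ('data.txt ', '>report', 'listing|', 'plain.txt') {
    printf "%-12s %s\n", "'$arg'", magic_open_risk($arg) // 'read as-is';
}
print count_lines_safely(sort keys %content), " lines read\n";
```

Perl 5.22 and later also provide `while (<<>>)`, which reads the files named in `@ARGV` using three-argument open.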




