Front page | perl.perl5.porters |
Postings from July 2008
2008/7/29 Aristotle Pagaltzis <pagaltzis@gmx.de>: > * Abigail <abigail@abigail.be> [2008-07-28 21:30]: >> - Programs that wouldn't use while (<>) pre-5.12 (because they >> might run in an environment where file names may start with >> '|' or '>') will use 3-arg "safe" while (<>), will be, >> silently, a security issue when run with a pre-5.12. >> >> If you make "while (<<>>)" to be 3-arg open, then at least such >> programs will fail to compile when run with a pre-5.12 perl. > > Exactly. I want to highlight this again: in my opinion, having > code that is safe under 5.12 (or 5.10.1 or whenever) not silently > become unsafe under 5.10.0 or earlier is an incontrovertible > argument for introducing a new safe diamond-like operator as > incompatible syntax. If I parse you well, that's indeed a compelling argument. Finding a balance between security and compatibility isn't very easy. > We can discourage the unconsidered use of magic ARGV with a > warning. This would be the exact same strategy that C compilers > followed WRT `gets`, which it seems to me worked well for C. It > also seems to me that the people who are certain enough that they > want this feature are also people who won't shy away from muting > a warning. Recapitulating what was proposed by you, we are getting to : * not changing <> * introducing new, safer <<>> (or «» if I may joke about the utf8-cleanliness of the tokeniser) * a feature or a pragma then becomes not useful * a way to extend ARGV's magic would be nice, but needs not to be in the coreThread Previous | Thread Next