develooper Front page | perl.perl5.porters | Postings from July 2008

Re: Creative and *routine* use of so-called "magic" ARGV (was [perl #2783] Security of ARGV using 2-argument open)

Thread Next
Ed Avis
July 30, 2008 06:06
Re: Creative and *routine* use of so-called "magic" ARGV (was [perl #2783] Security of ARGV using 2-argument open)
Message ID:
Roland Giersig <rgiersig <at>> writes:

>How about this:
>in v5.12:
>* add the '<<>>' operator as the now-standard magic 2-arg-open (clone it 
>from '<>')
>* issue a warning whenever '<>' invokes its magic, telling about the 
>coming change, i.e.
>  "You are using the magical behaviour of the <> operator with regards 
>to command pipes| or file redirections in ARGV. Please note that <> will 
>lose its magic in the next version. To keep the magical behaviour, use 
>the new <<>> operator instead."

Either have a warning or change the semantics; I don't think you need both. 
Once people see the warning they will change their code to either explicit magic
or explicit boring-file-opening.  Anyway, we can't plan as far ahead as 5.14.

>* add a pragma, e.g. "use feature safe_diamond" or equivalent to already 
>switch '<>' over to use the 3-args-open. That way developers can already 
>use the new behaviour, avoiding those dreaded version-checks.

Pragmas are useful when you want to change the global behaviour of a program. 
But typically <> is used in just one place, the main loop, and certainly in just
one source file (by an unfortunate accident of perl's implementation, you cannot
in general pass the ARGV filehandle to subroutines expecting a filehandle).

So I think a pragma is overkill here, better a way to explicitly say what you
want: <SAFE_ARGV> or <MAGIC_ARGV>, with appropriate syntactic sugar to provide a
<<>> operator or whatever.

>* "use v5.x" (for x < 12) of course should switch magical behaviour back 
>on for '<>'.

I think this is also getting a bit hairy and tangled.

>Coming to think of, this argument is so strong that the 
>two-step-approach now seems overkill to me. Just making sure that "use 
>5.x" switches the magic back on for '<>' should be sufficient.

Um, I don't know, after all one of the main points is that people were and are
using perl-5.10, perl-5.8 and older versions and believing <> reads files given
on the command line.  If you put 'use 5.6' in your program it means it will not
work with perl older than that, not 'preserve 5.6's bugs for all time'. 
Otherwise I had better go through and remove 'use 5.10' from all my programs
lest I miss out on some bug present in 5.10 but fixed in later perls!

Let's not put extra bizarre stuff into 'use 5.xx', it is awkward enough already.

Ed Avis <>

Thread Next Perl Programming lists via nntp and http.
Comments to Ask Bjørn Hansen at | Group listing | About