Re: Creative and *routine* use of so-called "magic" ARGV (was[perl #2783] Security of ARGV using 2-argument open)

From: Abigail
Date: July 30, 2008 06:35
Subject: Re: Creative and *routine* use of so-called "magic" ARGV (was[perl #2783] Security of ARGV using 2-argument open)
Message ID: 20080730133547.GB29536@almanda

On Wed, Jul 30, 2008 at 02:49:51PM +0200, Roland Giersig wrote:
> Rafael Garcia-Suarez wrote:
>> 2008/7/29 Aristotle Pagaltzis <pagaltzis@gmx.de>:
>>> We can discourage the unconsidered use of magic ARGV with a
>>> warning. This would be the exact same strategy that C compilers
>>> followed WRT `gets`, which it seems to me worked well for C. It
>>> also seems to me that the people who are certain enough that they
>>> want this feature are also people who won't shy away from muting
>>> a warning.
>>
>> Recapitulating what was proposed by you, we are getting to :
>> * not changing <>
>> * introducing new, safer <<>> (or «» if I may joke about the
>> utf8-cleanliness of the tokeniser)
>> * a feature or a pragma then becomes not useful
>> * a way to extend ARGV's magic would be nice, but needs not to be in the core
>
> Sounds good, but leaves the issue of fixing <> (which is important  
> IMHO). How about this:

[ Proposal to change the meaning of <> ]

> This approach means that people have plenty of time to adapt their apps  
> if they really rely on magical behaviour by either changing '<>' to  
> '<<>>' or adding 'use v5.x'. If they do nothing, their apps just become  
> a little bit safer.


Eh, the argument Aristotle and I used, and Rafael agrees with, isn't that
programs will break with newer versions of Perl, it's that programs
written to be safe in 5.12 (or whenever <> defaults to 3-arg), become
unsafe when run with an older perl. But if you leave <> as is, and use
<<>> for 3-arg open, a program using safe opens won't run on a perl that
doesn't have the feature.

Surely you must agree that a program is safer if it refuses to run on a
perl that doesn't use 3-arg open than a program that silently uses 2-arg
open?



Abigail
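
The difference the message turns on, shown as an added example that is not part of Abigail's post or of the perl source: arguments are read with an explicit 3-argument open, which behaves the same on every perl, and each one is first checked for how a 2-argument open would have interpreted it. The names `magic_meaning` and `cat_literal` and the sample arguments are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use File::Temp qw(tempdir);

# How would 2-argument open (the one behind classic <>) read this argument?
# Returns nothing when it is simply a file name.
sub magic_meaning {
    my ($arg) = @_;
    (my $s = $arg) =~ s/^\s+|\s+$//g;    # 2-arg open drops surrounding whitespace
    return 'standard input, not a file'            if $s eq '-';
    return 'a command to run (pipe)'               if $s =~ /^\|/ || $s =~ /\|$/;
    return 'a file opened for writing'             if $s =~ /^(?:\+?>|\+<)/;
    return 'a file with an explicit read mode'     if $s =~ /^</;
    return 'a different name (whitespace dropped)' if $s ne $arg;
    return;
}

# 3-argument open: the mode is fixed, so $name is only ever a file name.
sub cat_literal {
    my ($name) = @_;
    open(my $fh, '<', $name)
        or do { warn "cannot open '$name': $!\n"; return 0 };
    print while <$fh>;
    close $fh;
    return 1;
}

# Constructed sample arguments; real command-line arguments are used if given.
my $dir = tempdir(CLEANUP => 1);
open(my $w, '>', "$dir/plain.txt") or die "setup failed: $!";
print {$w} "contents of plain.txt\n";
close $w;
my @args = @ARGV
    ? @ARGV
    : ("$dir/plain.txt", '-', ' notes.txt ', '>report.txt', 'some-command |');

for my $arg (@args) {
    my $magic = magic_meaning($arg);
    printf "%-20s 2-arg open sees: %s\n", "'$arg'",
        defined $magic ? $magic : 'a plain file name';
    cat_literal($arg);    # always treated literally, on any perl version
}
```

With the sample arguments, only the first one is an existing file; the others fail to open as literal names instead of being interpreted.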
