develooper Front page | perl.perl5.porters | Postings from October 2012

IPC::Cmd (was: Taking CPANPLUS out of core)

Thread Previous | Thread Next
From:
Ed Avis
Date:
October 1, 2012 06:27
Subject:
IPC::Cmd (was: Taking CPANPLUS out of core)
Message ID:
loom.20121001T151732-428@post.gmane.org
Could I say +1 to the request to keep IPC::Cmd.  Lots of Perl code in the wild
has shell character interpolation bugs, and the perl builtins such as ``, while
convenient, make it too easy to write unsafe code and too hard to write code
which always works correctly.

While IPC::Cmd also supports giving the command as a single string (with shell
interpolation), its array-reference interface is a relatively simple way to
capture stdout and stderr hygienically, without worrying that your code will
trip up if someone passes input containing '>' or '&&', and so on and so on.

Backtick syntax is not going to disappear, despite its gotchas, but the Perl core
should do everything possible to make it as convenient to write bulletproof code
as it is to use the string-interpolated builtins.

-- 
Ed Avis <eda@waniasset.com>


Thread Previous | Thread Next


nntp.perl.org: Perl Programming lists via nntp and http.
Comments to Ask Bjørn Hansen at ask@perl.org | Group listing | About