develooper Front page | perl.perl5.porters | Postings from October 2012

Re: IPC::Cmd

Thread Previous | Thread Next
From:
Salvador Fandino
Date:
October 2, 2012 03:54
Subject:
Re: IPC::Cmd
Message ID:
506AC7C6.6030401@yahoo.com
On 10/01/2012 03:26 PM, Ed Avis wrote:
> Could I say +1 to the request to keep IPC::Cmd.  Lots of Perl code in the wild
> has shell character interpolation bugs, and the perl builtins such as ``, while
> convenient, make it too easy to write unsafe code and too hard to write code
> which always works correctly.
>
> While IPC::Cmd also supports giving the command as a single string (with shell
> interpolation), its array-reference interface is a relatively simple way to
> capture stdout and stderr hygienically, without worrying that your code will
> trip up if someone passes input containing '>' or '&&', and so on and so on.
>
> Backtick syntax is not going to disappear, despite its gotchas, but the Perl core
> should do everything possible to make it as convenient to write bulletproof code
> as it is to use the string-interpolated builtins.

While we are at it, I would love to see readpipe extended to support the 
same arguments as system.


Thread Previous | Thread Next


nntp.perl.org: Perl Programming lists via nntp and http.
Comments to Ask Bjørn Hansen at ask@perl.org | Group listing | About