develooper Front page | perl.perl5.porters | Postings from October 2012

Re: IPC::Cmd

Thread Previous | Thread Next
Salvador Fandino
October 2, 2012 03:54
Re: IPC::Cmd
Message ID:
On 10/01/2012 03:26 PM, Ed Avis wrote:
> Could I say +1 to the request to keep IPC::Cmd.  Lots of Perl code in the wild
> has shell character interpolation bugs, and the perl builtins such as ``, while
> convenient, make it too easy to write unsafe code and too hard to write code
> which always works correctly.
> While IPC::Cmd also supports giving the command as a single string (with shell
> interpolation), its array-reference interface is a relatively simple way to
> capture stdout and stderr hygienically, without worrying that your code will
> trip up if someone passes input containing '>' or '&&', and so on and so on.
> Backtick syntax is not going to disappear, despite its gotchas, but the Perl core
> should do everything possible to make it as convenient to write bulletproof code
> as it is to use the string-interpolated builtins.

While we are at it, I would love to see readpipe extended to support the 
same arguments as system.

Thread Previous | Thread Next Perl Programming lists via nntp and http.
Comments to Ask Bjørn Hansen at | Group listing | About