Front page | perl.perl5.porters |
Postings from October 2012
From: Salvador Fandino
October 2, 2012 03:54
Message ID: 506AC7C6.firstname.lastname@example.org
On 10/01/2012 03:26 PM, Ed Avis wrote:
> Could I say +1 to the request to keep IPC::Cmd. Lots of Perl code in the wild
> has shell character interpolation bugs, and the perl builtins such as ``, while
> convenient, make it too easy to write unsafe code and too hard to write code
> which always works correctly.
> While IPC::Cmd also supports giving the command as a single string (with shell
> interpolation), its array-reference interface is a relatively simple way to
> capture stdout and stderr hygienically, without worrying that your code will
> trip up if someone passes input containing '>' or '&&', and so on and so on.
> Backtick syntax is not going to disappear, despite its gotchas, but the Perl core
> should do everything possible to make it as convenient to write bulletproof code
> as it is to use the string-interpolated builtins.
While we are at it, I would love to see readpipe extended to support the
same arguments as system.