On 6 April 2010 16:48, Harry Putnam <[email protected]> wrote: > Thanks for the effort, but I'm still a bit confused. Just need to > think it over some more maybe. Is it fair to say that the `magic' > open is far and away the most common working case? And that the 3 arg > open is for unusual circumstances?
No, generally you should always use 3 arg open. Perl Best Practices item #128 discusses this issue if you can beg borrow or steal a copy. > Shawn H Corey <[email protected]> writes: > >> Harry Putnam wrote: >> open my $fh, $file or die "could not open $file: $!\n"; >> >> What if the user gave this as $file? >> >> rm -fr ~ > > Not to be argumentative here... but maybe I can't see as quickly as > some what this would do. > > I can't really visualize what would happen there... wouldn't the open > just fail? Further do we need to prepare for a vastly ridiculous file > name? perhaps spelling things out more explicitly would help. If you write open my $fh, $file or die "could not open $file: $!"; and $file is a user-supplied option, then the user can effectively make arbitrary magic open calls such as: open my $fh, 'rm -rf ~ |' or die "could not open rm -rf ~ |: $!"; The | character at the end means that this no longer opens a file, it runs a command. One which will delete your home directory on unixlike systems. And the user could specify any command they like -- perhaps one which emails your personal files to [email protected]. The three argument form: open my $fh, '<', 'rm -rf ~ |' or die "could not open rm -rf ~ |: $!"; doesn't have this problem. It will try to open a file with quite a funny name, but because the mode is chosen my the second argument and not by a user-supplied string, the user can't execute arbitrary code. Phil -- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected] http://learn.perl.org/
