http://qs321.pair.com?node_id=11113998


in reply to Re: Safely capturing the output of an external program
in thread Safely capturing the output of an external program

Untainting might work though; if the filename matches, say, q/^[A-Za-z0-9]+\.tfm$/, it's probably safe to pass it through any shell. But I've never liked that approach, and "probably" is a dangerous word.

Re^3: Safely capturing the output of an external program
by LanX (Saint) on Mar 09, 2020 at 10:51 UTC
    > Untainting might work though;

    In this case I'd additionally surround arguments with 'single quotes'.

    Your untainting demo is explicitly forbidding quotes; in other cases escape them.

    Cheers Rolf
    (addicted to the Perl Programming Language :)
    Wikisyntax for the Monastery
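As an added example, not code from either post above: the untainting pattern from the thread, written the way Perl's taint mode actually requires it (the clean value is the regex capture), combined with the list form of a pipe open, which is assumed here as the alternative to routing anything through a shell. The candidate filenames are constructed, and `echo` stands in for whatever program would consume the .tfm file.

```perl
use strict;
use warnings;
# Run with:  perl -T this_script.pl
# Taint mode makes Perl refuse tainted arguments to a piped open, so a
# missed untaint fails loudly instead of silently reaching the program.

# Untaint a filename with the pattern from the thread. In taint mode only
# the captured part of a successful match is considered clean, so the
# value returned is $1, never the original string.
sub untaint_tfm_name {
    my ($name) = @_;
    return undef unless defined $name && $name =~ /^([A-Za-z0-9]+\.tfm)$/;
    return $1;
}

# Capture stdout of an external program with the list form of a pipe open
# (assumed here; the thread does not show it). Perl hands @args straight
# to the program, so no shell parses them and quoting never comes up.
sub capture_output {
    my ($prog, @args) = @_;
    local $ENV{PATH} = '/usr/bin:/bin';        # taint mode needs a trusted PATH
    delete local @ENV{qw(IFS CDPATH ENV BASH_ENV)};
    open(my $fh, '-|', $prog, @args) or die "cannot run $prog: $!";
    my $out = do { local $/; <$fh> };         # slurp all output
    close($fh) or warn "$prog exited with status " . ($? >> 8) . "\n";
    return $out;
}

# Constructed candidates: one clean name and two a shell would misparse.
for my $candidate ('cmr10.tfm', 'cmr10.tfm; ls', "it's.tfm") {
    my $clean = untaint_tfm_name($candidate);
    if (defined $clean) {
        # 'echo' stands in for the real consumer of the .tfm file.
        print "accepted '$candidate' -> ", capture_output('echo', $clean);
    } else {
        print "rejected '$candidate'\n";
    }
}
```

Only the first candidate is accepted; the other two are rejected by the pattern before any program is started, and even a name that slipped through could not be reinterpreted by a shell because no shell is involved.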