it's a good idea to make sure that $FILE_NAME does not contain any special characters such as | > < because it's a potential vulnerability, especially if you get your file name from some other place like arguments
Yes, this is true - if you're using the two-argument instead of three-argument open. You said you're using Perl 5.8, where the latter is available. This is another reason that the more modern three-argument open and lexical filehandles are recommended. Also, I think that silently deleting characters or chopping off the filename at these characters, which will result in attempting to open a completely different file, is unexpected behavior - IMO it's much better to simply throw an error and refuse to open such a file and let the user figure it out, instead of taking some action that isn't what the user asked for.
open FILEHANDLE, "< *.*" so again those special characters should not appear in that space
No, as I said, '*.*' is a valid filename - strange and unusual, but valid. And again, why silently try to open a file named '.' instead?
-
Are you posting in the right place? Check out Where do I post X? to know for sure.
-
Posts may use any of the Perl Monks Approved HTML tags. Currently these include the following:
<code> <a> <b> <big>
<blockquote> <br /> <dd>
<dl> <dt> <em> <font>
<h1> <h2> <h3> <h4>
<h5> <h6> <hr /> <i>
<li> <nbsp> <ol> <p>
<small> <strike> <strong>
<sub> <sup> <table>
<td> <th> <tr> <tt>
<u> <ul>
-
Snippets of code should be wrapped in
<code> tags not
<pre> tags. In fact, <pre>
tags should generally be avoided. If they must
be used, extreme care should be
taken to ensure that their contents do not
have long lines (<70 chars), in order to prevent
horizontal scrolling (and possible janitor
intervention).
-
Want more info? How to link
or How to display code and escape characters
are good places to start.
|
