Browser::Open tries to use the list form of system to spawn a browser. The problem is that start is a cmd command and not a real executable, so Perl has to fall back to using the shell to launch it - and it doesn't quote the command line correctly in process. This makes Browser::Open a shell injection on Windows.
A proper solution would be either to use Win32::ShellQuote or something similar to build a proper cmd.exe command line on Windows, use Perl version of ShellExecute from WinAPI (is there such a module?) or to fall back to launching browsers directly by their paths, which is not a good idea at all.
-
Are you posting in the right place? Check out Where do I post X? to know for sure.
-
Posts may use any of the Perl Monks Approved HTML tags. Currently these include the following:
<code> <a> <b> <big>
<blockquote> <br /> <dd>
<dl> <dt> <em> <font>
<h1> <h2> <h3> <h4>
<h5> <h6> <hr /> <i>
<li> <nbsp> <ol> <p>
<small> <strike> <strong>
<sub> <sup> <table>
<td> <th> <tr> <tt>
<u> <ul>
-
Snippets of code should be wrapped in
<code> tags not
<pre> tags. In fact, <pre>
tags should generally be avoided. If they must
be used, extreme care should be
taken to ensure that their contents do not
have long lines (<70 chars), in order to prevent
horizontal scrolling (and possible janitor
intervention).
-
Want more info? How to link
or How to display code and escape characters
are good places to start.
|