http://qs321.pair.com?node_id=1041175


in reply to Re^5: Getting information about a remote file via SSH: how to escape the filename
in thread Getting information about a remote file via SSH: how to escape the filename

Suggestions on how to stay safe are very welcome

Avoid the shell as much as you can (i.e. using system $cmd, @args instead of system "$cmd @args").

Otherwise, quote your data properly. For instance, for POSIX shells I use the following sub to quote commands and arguments:

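# Characters that may be left unquoted. This definition was missing from the
# post; the conservative value here is an assumption.
my $noquote_class = '.\\w/\\-';
my $glob_class = '*?\\[\\],{}:!^~';

# Called as a method: the first argument (the invocant) is discarded.
sub quote {
    shift;
    my $quoted = join '',
        map { ( m|\A'\z|                  ? "\\'"    :   # a lone quote: \'
                m|\A'|                    ? "\"$_\"" :   # a run of quotes: "''"
                m|\A[$noquote_class]+\z|o ? $_       :   # safe characters only
                                            "'$_'"   )   # everything else
        } split /('+)/, $_[0];
    length $quoted ? $quoted : "''";
}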
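A round-trip check for this kind of quoting, added here as an example and not part of the original post: each constructed filename is quoted, passed to /bin/sh as the argument of printf, and the output is compared with the original string. The name quote_sh, the sample filenames and the $noquote_class value are assumptions of this example.

```perl
use strict;
use warnings;

# Assumption: characters that may stay unquoted (not given in the post).
my $noquote_class = '.\\w/\\-';

# Same quoting logic as the sub in the post, taking the string as its only argument.
sub quote_sh {
    my ($str) = @_;
    my $quoted = join '', map {
        (   m|\A'\z|                  ? "\\'"
          : m|\A'|                    ? "\"$_\""
          : m|\A[$noquote_class]+\z|o ? $_
          :                             "'$_'" )
    } split /('+)/, $str;
    return length $quoted ? $quoted : "''";
}

# Run "printf %s <quoted>" through /bin/sh and return what the shell actually
# passed to printf. sh itself is started in list form, so the only shell
# parsing that happens is of the string built here.
sub roundtrip {
    my ($str) = @_;
    my $script = 'printf %s ' . quote_sh($str);
    open my $fh, '-|', '/bin/sh', '-c', $script or die "cannot run sh: $!";
    local $/;                       # slurp the whole output
    my $out = <$fh>;
    close $fh;
    return defined $out ? $out : '';
}

# Constructed sample filenames, including shell metacharacters.
my @samples = (
    'plain.txt', '', 'two words', q{it's}, q{''}, q{a"b}, '$HOME', '`id`',
    'x; echo injected', '*.log', "line\nbreak", '-n', q{back\\slash},
);

my $failed = 0;
for my $name (@samples) {
    my $ok = roundtrip($name) eq $name;   # must come back byte for byte
    $failed++ unless $ok;
    printf "%-4s %s\n", ($ok ? 'ok' : 'FAIL'), quote_sh($name);
}
exit($failed ? 1 : 0);
```

The same check applies to any change to the unquoted character class: a character is safe to add only if every sample containing it still round-trips.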