On 6 Jun 2010, at 10:48 PM, Ævar Arnfjörð Bjarmason wrote:
> On Mon, Jun 7, 2010 at 05:10, Jay Soffian <jaysoffian@xxxxxxxxx> wrote:
>> BTW, quotemeta is technically intended for use with regular
>> expressions, isn't it?
>
> Yes, it's completely insecure to use it for shell interpolation.
> In Perl it's best to use the list form of system() so that the
> command will escape things for you automatically.

Passing a list to system() actually ensures that Perl will call execvp
directly, instead of looking for metacharacters and possibly invoking
the system shell. (But this is getting a little OT; sorry.)
--
Ian Ward Comfort <icomfort@xxxxxxxxxxxx>
Systems Team Lead, Academic Computing Services, Stanford University
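
The difference discussed in this thread, as an added example that is not part of the original messages: the same constructed argument is passed to a child process once through a quotemeta-escaped shell string and once through the list form of system(). It assumes a Unix-like system with /bin/sh; the sub names and the EXPECTED environment variable are hypothetical.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed sample argument: shell metacharacters plus an embedded newline,
# as could occur in a file name or a subject line.
my $arg = "two words; \$HOME\nnext line";

# The child exits 0 only if argv[1] is byte-for-byte what the parent intended.
# EXPECTED is a hypothetical variable name used only by this example.
$ENV{EXPECTED} = $arg;
my @child = ($^X, '-e', 'exit($ARGV[0] eq $ENV{EXPECTED} ? 0 : 1)');

# String form: one string containing metacharacters, so Perl runs it through
# /bin/sh -c. quotemeta() puts a backslash before every non-word character,
# which is regex escaping, not shell quoting. The shell treats
# backslash-newline as a line continuation and drops both characters, so the
# child receives a different argument.
sub run_quotemeta_shell {
    my ($value) = @_;
    my $cmd = join ' ', map { quotemeta($_) } (@child, $value);
    return system($cmd) == 0;
}

# List form: no shell is involved; each list element becomes exactly one
# argv entry of the new process, with nothing to escape.
sub run_list_form {
    my ($value) = @_;
    return system(@child, $value) == 0;
}

printf "quotemeta + shell string: %s\n",
    run_quotemeta_shell($arg) ? 'argument intact' : 'argument altered';
printf "list form of system():    %s\n",
    run_list_form($arg) ? 'argument intact' : 'argument altered';
```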