On Mon, Jun 07, 2010 at 05:48:11AM +0000, Ævar Arnfjörð Bjarmason wrote: > On Mon, Jun 7, 2010 at 05:10, Jay Soffian <jaysoffian@xxxxxxxxx> wrote: > > BTW, quotemeta is technically intended for use with regular > > expressions, isn't it? > > Yes, it's completely insecure to use it for shell interpolation. It's intended for use with regexps, but I don't think it is insecure for shell interpolation. According to perldoc, it quotes 'all characters not matching "/[A-Za-z_0-9]/"'. So it's excessive for shell quoting, but not insecure. > In Perl it's best to use the list form of system() so that the command > will escape things for you automatically. Agreed, but it's not escaping things automatically. It simply skips the shell invocation entirely. -Peff -- To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html