>>>>> "Mumia" == "Mumia W " <mumia.w.18.spam> writes:
Mumia> Not quite. Rob's program works for rational input data. And that attitude creates fragile, eventually broken code. Many years ago, people wrote shell scripts that couldn't deal with spaces in filenames, because they said something like you just said... "but who would ever put a SPACE in a filename?". And now, look around you. The integration of Unix filesystem space with Windows and Mac mounts mean that *every* Unix utility has to deal with spaces in the name. However, those of us who looked forward and said "you know, *I* may not have any files that have spaces in the names now, but I'll code to allow for that" had no problems. We've been writing scripts to "do the right thing" for years. Similarly, if you use a regex like /^\.\.?$/ to check for "an empty directory" as a security check in some step of your program, a bad guy can come along and create a file named "..\n" (which is perfectly legal and matches that regex) that your program will overlook. (The regex should actually be /\A\.\.?\z/.) Oops. Security hole. So, what I'm arguing for here is not what to do for the common case, but what to do to prevent future breakage and especially future security issues. Filenames in Unix can contain any character except "/" and "\0". Period. Account for it. Work with it. Deal with it. Even if you think only insane people would names things differently from your rules, it's the insane person that will eventually invoke your code, so you might as well Do It Right to begin with. -- Randal L. Schwartz - Stonehenge Consulting Services, Inc. - +1 503 777 0095 <merlyn@stonehenge.com> <URL:http://www.stonehenge.com/merlyn/> Perl/Unix/security consulting, Technical writing, Comedy, etc. etc. See PerlTraining.Stonehenge.com for onsite and open-enrollment Perl training! -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] <http://learn.perl.org/> <http://learn.perl.org/first-response>
