Change 34720 by [EMAIL PROTECTED] on 2008/11/04 11:01:52
Integrate:
[ 34670]
Subject: Re: [PATCH] [doc] be more explicit about magic argv
From: Moritz Lenz <[EMAIL PROTECTED]>
Date: Thu, 30 Oct 2008 20:30:00 +0100
Message-ID: <[EMAIL PROTECTED]>
[ 34703]
Subject: [perl #60300] doc Carp $Carp::Internal{__PACKAGE__} example
From: Kevin Ryde (via RT) <[EMAIL PROTECTED]>
Date: Sat, 01 Nov 2008 16:27:09 -0700
Message-ID: <[EMAIL PROTECTED]>
Affected files ...
... //depot/maint-5.10/perl/lib/Carp.pm#3 integrate
... //depot/maint-5.10/perl/pod/perlop.pod#6 integrate
... //depot/maint-5.10/perl/pod/perlrun.pod#5 integrate
Differences ...
==== //depot/maint-5.10/perl/lib/Carp.pm#3 (text) ====
Index: perl/lib/Carp.pm
--- perl/lib/Carp.pm#2~34017~ 2008-06-07 09:53:10.000000000 -0700
+++ perl/lib/Carp.pm 2008-11-04 03:01:52.000000000 -0800
@@ -1,6 +1,6 @@
package Carp;
-our $VERSION = '1.09';
+our $VERSION = '1.10';
# this file is an utra-lightweight stub. The first time a function is
# called, Carp::Heavy is loaded, and the real short/longmessmess_jmp
# subs are installed
@@ -187,7 +187,7 @@
report an error as being from a line in a package that is internal to
Perl. For example:
- $Carp::Internal{ __PACKAGE__ }++;
+ $Carp::Internal{ (__PACKAGE__) }++;
# time passes...
sub foo { ... or confess("whatever") };
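Review bot: the changed example line `$Carp::Internal{ (__PACKAGE__) }++;` gains parentheses, but the surrounding pod does not say why, so a reader may take them for noise and drop them when copying. Inside hash subscript braces a bare identifier is auto-quoted, so the old form set the literal key "__PACKAGE__" instead of the current package name, and the package was never actually marked internal. Suggest adding one sentence after the example stating that the parentheses are required for that reason.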
==== //depot/maint-5.10/perl/pod/perlop.pod#6 (text) ====
Index: perl/pod/perlop.pod
--- perl/pod/perlop.pod#5~33884~ 2008-05-20 08:07:58.000000000 -0700
+++ perl/pod/perlop.pod 2008-11-04 03:01:52.000000000 -0800
@@ -2213,6 +2213,18 @@
is magical. (The pseudo code above doesn't work because it treats
<ARGV> as non-magical.)
+Since the null filehandle uses the two argument form of L<perlfunc/open>
+it interprets special characters, so if you have a script like this:
+
+ while (<>) {
+ print;
+ }
+
+and call it with C<perl dangerous.pl 'rm -rfv *|'>, it actually opens a
+pipe, executes the C<rm> command and reads C<rm>'s output from that pipe.
+If you want all items in C<@ARGV> to be interpreted as file names, you
+can use the module C<ARGV::readonly> from CPAN.
+
You can modify @ARGV before the first <> as long as the array ends up
containing the list of filenames you really want. Line numbers (C<$.>)
continue as though the input were one big happy file. See the example
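Review bot: "it interprets special characters" in the first added sentence does not say which characters, and the only case shown is the trailing `|`. With the two-argument form of open, a leading `|` also starts a command and a leading `>` or `>>` opens the named file for writing, so an argument can clobber a file as well as run a program. Suggest naming these forms in the text. Two smaller points in the same paragraph: "two argument form" should be hyphenated as "two-argument form", and the paragraph could point to a core-only alternative (looping over `@ARGV` with three-argument open) alongside the CPAN module `ARGV::readonly`.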
==== //depot/maint-5.10/perl/pod/perlrun.pod#5 (text) ====
Index: perl/pod/perlrun.pod
--- perl/pod/perlrun.pod#4~34264~ 2008-09-04 03:18:56.000000000 -0700
+++ perl/pod/perlrun.pod 2008-11-04 03:01:52.000000000 -0800
@@ -659,6 +659,10 @@
lines printed. If a file named by an argument cannot be opened for
some reason, Perl warns you about it and moves on to the next file.
+Also note that C<< <> >> passes command line arguments to
+L<perlfunc/open>, which doesn't necessarily interpret them as file names.
+See L<perlop> for possible security implications.
+
Here is an efficient way to delete all files that haven't been modified for
at least a week:
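Review bot: the cross-reference `See L<perlop> for possible security implications.` points at the whole of perlop, where the reader has to hunt for the relevant paragraph. Suggest linking to the section that documents the null filehandle, L<perlop/"I/O Operators">. The preceding sentence, "which doesn't necessarily interpret them as file names", is also vague for a security note. Saying directly that an argument can be opened as a pipe to a command, as the perlop text added in this same change does, would tell the reader why they should follow the link.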
End of Patch.