Change 34722 by [EMAIL PROTECTED] on 2008/11/04 19:39:58

        Integrate:
        [ 34720]
        Integrate:
        [ 34670]
        Subject: Re: [PATCH] [doc] be more explicit about magic argv
        From: Moritz Lenz <[EMAIL PROTECTED]>
        Date: Thu, 30 Oct 2008 20:30:00 +0100
        Message-ID: <[EMAIL PROTECTED]>
        
        [ 34703]
        Subject: [perl #60300] doc Carp $Carp::Internal{__PACKAGE__} example 
        From: Kevin Ryde (via RT) <[EMAIL PROTECTED]>
        Date: Sat, 01 Nov 2008 16:27:09 -0700
        Message-ID: <[EMAIL PROTECTED]>

Affected files ...

... //depot/maint-5.8/perl/lib/Carp.pm#12 integrate
... //depot/maint-5.8/perl/pod/perlop.pod#41 integrate
... //depot/maint-5.8/perl/pod/perlrun.pod#70 integrate

Differences ...

==== //depot/maint-5.8/perl/lib/Carp.pm#12 (text) ====
Index: perl/lib/Carp.pm
--- perl/lib/Carp.pm#11~34018~  2008-06-07 10:06:39.000000000 -0700
+++ perl/lib/Carp.pm    2008-11-04 11:39:58.000000000 -0800
@@ -1,6 +1,6 @@
 package Carp;
 
-our $VERSION = '1.09';
+our $VERSION = '1.10';
 # this file is an utra-lightweight stub. The first time a function is
 # called, Carp::Heavy is loaded, and the real short/longmessmess_jmp
 # subs are installed
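Review bot: the unchanged comment directly under the version bump has two typos ("utra-lightweight" for "ultra-lightweight", and "short/longmessmess_jmp", which repeats "mess") that this hunk already touches the neighbourhood of; since the file is being re-versioned anyway, fixing them in the same change would avoid a second trivial commit.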
@@ -187,7 +187,7 @@
 report an error as being from a line in a package that is internal to
 Perl.  For example:
 
-    $Carp::Internal{ __PACKAGE__ }++;
+    $Carp::Internal{ (__PACKAGE__) }++;
     # time passes...
     sub foo { ... or confess("whatever") };
 
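Review bot: the prose above the example does not say why the parentheses were added, so a reader (or a later editor) is likely to treat `$Carp::Internal{ (__PACKAGE__) }++;` as redundant and strip them back out. Suggest one sentence after the example noting that a bareword inside hash-subscript braces is auto-quoted, so the unparenthesised form sets the literal key "__PACKAGE__" rather than the current package name, and the parentheses force `__PACKAGE__` to be evaluated.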

==== //depot/maint-5.8/perl/pod/perlop.pod#41 (text) ====
Index: perl/pod/perlop.pod
--- perl/pod/perlop.pod#40~34709~       2008-11-03 14:11:58.000000000 -0800
+++ perl/pod/perlop.pod 2008-11-04 11:39:58.000000000 -0800
@@ -2190,6 +2190,18 @@
 is magical.  (The pseudo code above doesn't work because it treats
 <ARGV> as non-magical.)
 
+Since the null filehandle uses the two argument form of L<perlfunc/open>
+it interprets special characters, so if you have a script like this:
+
+    while (<>) {
+        print;
+    }
+
+and call it with C<perl dangerous.pl 'rm -rfv *|'>, it actually opens a
+pipe, executes the C<rm> command and reads C<rm>'s output from that pipe.
+If you want all items in C<@ARGV> to be interpreted as file names, you
+can use the module C<ARGV::readonly> from CPAN.
+
 You can modify @ARGV before the first <> as long as the array ends up
 containing the list of filenames you really want.  Line numbers (C<$.>)
 continue as though the input were one big happy file.  See the example
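Review bot: "it interprets special characters" is left vague in the first added sentence, and the only concrete case shown is the trailing `|` pipe, so a reader may conclude that `|` is the whole problem. Since the sentence already links L<perlfunc/open>, suggest stating explicitly that `<>` applies the same parsing as the two-argument form of `open` and pointing the reader to that section for the full set of characters it honours. Two smaller points: "two argument form" should be hyphenated ("two-argument form"), and a comma is missing before "it interprets". Also, recommending a CPAN module as the only mitigation in core documentation is a weak stopping point; consider at least naming the goal (make every element of `@ARGV` an unambiguous file name) so readers who cannot install C<ARGV::readonly> know what property to enforce themselves.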

==== //depot/maint-5.8/perl/pod/perlrun.pod#70 (text) ====
Index: perl/pod/perlrun.pod
--- perl/pod/perlrun.pod#69~34288~      2008-09-05 15:58:40.000000000 -0700
+++ perl/pod/perlrun.pod        2008-11-04 11:39:58.000000000 -0800
@@ -652,6 +652,10 @@
 lines printed.  If a file named by an argument cannot be opened for
 some reason, Perl warns you about it and moves on to the next file.
 
+Also note that C<< <> >> passes command line arguments to
+L<perlfunc/open>, which doesn't necessarily interpret them as file names.
+See  L<perlop> for possible security implications.
+
 Here is an efficient way to delete all files that haven't been modified for
 at least a week:
 
End of Patch.
