Hi Sarath, I'm CCing to the list.
On Monday 29 Mar 2010 08:55:55 KKde wrote:
> Hi Shlomi,
>
> > system("/usr/bin/find \"$_\" -mtime 3 -print -exec ls '{}' \;");
>
> I got confused. Can you plz explain me why $_ is surrounded by another
> double quotes? Why it isn't interpolated in the outer double quotes?

It is interpolated with or without the \"...\" inner delimiters. However, if you pass values to the shell, you need the double quotes to give some rudimentary protection from special characters. If you do:

    system("find $_");

Then someone can put in $_ the following string:

    . ; rm -fr $HOME

And you've just lost your home directory.

I should note that putting values in double quotes is not enough, as someone can put in a double quote and escape out of it. I've talked about it more here:

http://community.livejournal.com/shlomif_tech/35301.html ("Code/Markup Injection and Its Prevention")

Regards,

    Shlomi Fish

>
> Regards,
> Sarath

--
Shlomi Fish http://www.shlomifish.org/
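The quoting problem discussed in the message above, shown as an added example that is not part of the original post: it compares the one-string form of `system` with the list form, which bypasses the shell. Assumptions: a POSIX system with a `printf` binary and `/usr/bin/find`; `echo INJECTED` is a harmless stand-in for the destructive command; `printf` stands in for `find` in the first part; `find_recent` is a hypothetical helper name.

```perl
#!/usr/bin/perl
use strict;
use warnings;

$| = 1;    # keep our output ordered with the child processes' output

# Constructed hostile "directory names". "echo INJECTED" is a harmless
# stand-in for the destructive command in the message above.
my @names = (
    '. ; echo INJECTED',              # splits an unquoted command line
    '." ; echo INJECTED ; echo "',    # closes the inner \"...\" and splits it anyway
);

for my $name (@names) {
    print "name: [$name]\n";

    # One-string form: Perl hands the string to /bin/sh -c, so the shell
    # parses ';' and '"' coming from $name. printf stands in for find here
    # so the demonstration only prints.
    print " string form, quoted:\n";
    system("printf '  arg=[%s]\\n' \"$name\"");

    # List form: no shell is involved; $name is exactly one argv element.
    print " list form:\n";
    system('printf', '  arg=[%s]\n', $name);
}

# The find call from the thread in list form. ';' is an ordinary argument
# here, so it needs no backslash. A leading "./" keeps a name that starts
# with '-' from being read by find as an option.
sub find_recent {
    my ($dir) = @_;
    $dir = "./$dir" if $dir =~ /^-/;
    return system('/usr/bin/find', $dir, '-mtime', '3', '-print',
                  '-exec', 'ls', '{}', ';');
}

# find reports each hostile name as a nonexistent path; nothing else runs.
find_recent($_) for @names;
```

With the second name, the quoted string form runs the extra `echo`, while the list form prints the whole name as a single argument.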