On Thu, May 05, 2005 at 01:32:56AM -0600, Luke Palmer wrote:
> On 5/5/05, Gaal Yahas <[EMAIL PROTECTED]> wrote: 
> >     getopt(...);
> >     $fh = open $in, :allowstdio;
> 
> Maybe the opposite:
> 
>     $fh = open $in, :literal;
> 
> One of the nice things about the magical "-" behavior is that people
> are writing more versatile, accepting scripts without realizing it. 
> That was one of the things that made me really like Perl when I first
> started learning it.  A few of the little utility / filter scripts
> that I wrote already accepted "-" on the command line, and I didn't
> even know it (and they still worked perfectly when you used "-").

Yeah, you and me both.

> And I don't think arguing in the name of "security" for the default
> case is going to buy us anything.  Security doesn't come in scripts in
> any language for free; you have to walk through every line that sees
> the outside world and ask "is there any way somebody could exploit
> this?".  And a "-" handler would be one of the things you'd have to
> routinely write, just like making sure they're not opening "; rm -rf
> /".

Why are you scare-quoting something I never said? I wasn't talking about
security, I was talking about basic least-surprise. Opening "; rm -rf /"
with my perl5 does not do anything bad. Opening "-" potentially causes a
script to hang.

> But I don't think a :literal flag or whatever will be a problem.

Yes, I like your proposal, though I don't know which way should be the
default. I'm not looking for sysopen (I know where to find it), I'm
looking for an easy way to control magic.

> You can also open a file named "-", in the absence of a literal
> option, like this:
> 
>     my $fh = open "./-";

I'd say "fine", except that this isn't portable.

> I think he misunderstood you (and if not, then I misunderstood you
> :-).  You're asking about how to get a filehandle to stdout, he's
> telling you how to redirect stdout to a file.
> 
> I think "-" will do the trick.

Ah, yes, then again the question is how to conveniently choose whether
to do e.g. log-to-stdout or write to a file named "-".

-- 
Gaal Yahas <[EMAIL PROTECTED]>
http://gaal.livejournal.com/
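
Added example, not part of the original message: a Perl 5 illustration of the explicit control over the "-" magic that the thread asks for, without relying on the non-portable "./-" spelling. The helper open_input and its literal option are hypothetical names, and the file named "-" is constructed in a scratch directory for the demonstration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Cwd qw(getcwd);
use File::Temp qw(tempdir);

# open_input() is a hypothetical helper, not a Perl builtin.
#   literal => 1 : always treat $name as a file name, even when it is "-".
#   literal => 0 : "-" means standard input; any other name is a file.
sub open_input {
    my ($name, %opt) = @_;
    if (!$opt{literal} && $name eq '-') {
        # Duplicate STDIN so that closing the returned handle
        # leaves the real STDIN open for the rest of the program.
        open(my $fh, '<&', \*STDIN) or die "cannot dup STDIN: $!";
        return $fh;
    }
    # Three-argument open takes the name literally: no "-" magic.
    open(my $fh, '<', $name) or die "cannot open '$name': $!";
    return $fh;
}

# Constructed demo: create a file literally named "-" in a scratch directory.
my $start = getcwd();
my $dir   = tempdir(CLEANUP => 1);
chdir $dir or die "chdir $dir: $!";
open(my $out, '>', '-') or die "cannot create '-': $!";  # a real file
print {$out} "from the file named dash\n";
close $out or die "close: $!";

# Literal mode reads the file in the current directory.
my $fh   = open_input('-', literal => 1);
my $line = <$fh>;
close $fh;
print "literal: $line";

# Magic mode returns a handle on standard input and does not read from it
# here, so the demo cannot hang waiting for input.
my $stdin = open_input('-');
printf "magic:   handle on fd %d duplicates STDIN (fd %d)\n",
    fileno($stdin), fileno(STDIN);
close $stdin;

chdir $start or die "chdir $start: $!";  # leave the scratch dir before cleanup
```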
