[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH 1/10] Proper file name escaping in Autoconf programs and Perl

From: Russ Allbery
Subject: Re: [PATCH 1/10] Proper file name escaping in Autoconf programs and Perl modules.
Date: Thu, 06 Dec 2007 14:02:28 -0800
User-agent: Gnus/5.11 (Gnus v5.11) Emacs/22.1 (gnu/linux)

Ralf Wildenhues <address@hidden> writes:

> +# open_quote ($FILE_NAME)
> +# -----------------------
> +# If the string $S is a well-behaved file name, simply return it.
> +# If it starts with white space, prepend `./'.  Return the new string.
> +sub open_quote($)
> +{
> +  my ($s) = @_;
> +  if ($s =~ m!^\s!)
> +    {
> +      $s = "./$s";
> +    }
> +  return $s;
> +}

If you're going to use the two-argument format, you should also add a nul
byte to the end of the file name ($s .= "\0";):

            The filename passed to 2-argument (or 1-argument) form of open()
            will have leading and trailing whitespace deleted, and the
            normal redirection characters honored. This property, known as
            "magic open", can often be used to good effect. A user could
            specify a filename of "rsh cat file |", or you could change
            certain filenames as needed:

                $filename =~ s/(.*\.gz)\s*$/gzip -dc < $1|/;
                open(FH, $filename) or die "Can't open $filename: $!";

            Use 3-argument form to open a file with arbitrary weird
            characters in it,

                open(FOO, '<', $file);

            otherwise it's necessary to protect any leading and trailing

                $file =~ s#^(\s)#./$1#;
                open(FOO, "< $file\0");

If the string ends in a nul byte, trailing whitespace will be significant;
otherwise, it isn't.

Russ Allbery (address@hidden)             <>

reply via email to

[Prev in Thread] Current Thread [Next in Thread]