rtime.felk.cvut.cz Git - novaboot.git/commit

author	Michal Sojka <michal.sojka@cvut.cz>
	Fri, 22 Oct 2021 12:19:30 +0000 (14:19 +0200)
committer	Michal Sojka <michal.sojka@cvut.cz>
	Fri, 22 Oct 2021 12:19:30 +0000 (14:19 +0200)
commit	0a26fc0d0c474edbbc900261d85d9c60d0a8294d
tree	42664e3333faeee8d65901e1bc7ca1004e718636	tree \| snapshot
parent	6dcb21a0b297867324ee581a6a5306afbd965577	commit \| diff

Replace <> with <<>>

The reason is that <> can be dangerous. From Perl documentation:

    Since the null filehandle uses the two argument form of "open" in
    perlfunc it interprets special characters, so if you have a script like
    this:

while (<>) {
    print;
}

    and call it with "perl dangerous.pl 'rm -rfv *|'", it actually opens a
    pipe, executes the "rm" command and reads "rm"'s output from that pipe.
    If you want all items in @ARGV to be interpreted as file names, you can
    use the module "ARGV::readonly" from CPAN, or use the double diamond
    bracket:

while (<<>>) {
    print;
}

    Using double angle brackets inside of a while causes the open to use
    the three argument form (with the second argument being "<"), so all
    arguments in "ARGV" are treated as literal filenames (including "-").
    (Note that for convenience, if you use "<<>>" and if @ARGV is empty, it
    will still read from the standard input.)