From 0a26fc0d0c474edbbc900261d85d9c60d0a8294d Mon Sep 17 00:00:00 2001
From: Michal Sojka
Date: Fri, 22 Oct 2021 14:19:30 +0200
Subject: [PATCH] Replace <> with <<>>

The reason is that <> can be dangerous. From Perl documentation: Since the null filehandle uses the two argument form of "open" in perlfunc it interprets special characters, so if you have a script like this: while (<>) { print; } and call it with "perl dangerous.pl 'rm -rfv *|'", it actually opens a pipe, executes the "rm" command and reads "rm"'s output from that pipe. If you want all items in @ARGV to be interpreted as file names, you can use the module "ARGV::readonly" from CPAN, or use the double diamond bracket: while (<<>>) { print; } Using double angle brackets inside of a while causes the open to use the three argument form (with the second argument being "<"), so all arguments in "ARGV" are treated as literal filenames (including "-"). (Note that for convenience, if you use "<<>>" and if @ARGV is empty, it will still read from the standard input.)
---
 novaboot | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/novaboot b/novaboot
index 7fa3816..0e88881 100755
--- a/novaboot
+++ b/novaboot
@@ -357,7 +357,7 @@ my $EOF;
 my $last_fn = '';
 my ($modules, $variables, $generated, $copy, $chainload, $continuation) = ([], {}, [], []);
 my $skip_reading = defined($on_opt) || defined($off_opt);
-while (!$skip_reading && ($_ = <>)) {
+while (!$skip_reading && ($_ = <<>>)) {
 if ($ARGV ne $last_fn) { # New script
 die "Missing EOF in $last_fn" if $file;
 die "Unfinished line in $last_fn" if $continuation;
-- 
2.39.2
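Review bot: The `<<>>` operator on the new `while` line exists only from Perl 5.22, so an older interpreter will now reject novaboot with a syntax error rather than run it. If the file does not already declare a minimum version (not visible in this hunk), add `use 5.022;` near the top so the failure is an explicit version message; note that this also turns on `strict` and the 5.22 feature bundle. Separately, because the read sits inside `&&`, Perl does not apply its implicit `defined` test, so a final line that is just `0` with no trailing newline ends the loop early; `defined($_ = <<>>)` would close that. The loop body continues past the end of the hunk.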