Subject:
|
Re: MPD<->DAT conversion in Perl
|
Newsgroups:
|
lugnet.cad.dev
|
Date:
|
Sun, 21 Feb 1999 18:39:02 GMT
|
Viewed:
|
1094 times
|
| |
|
|
In lugnet.cad.dev, fredrik.glockner@bio.uio.no (Fredrik Glöckner) writes:
> lehman@javanet.com (Todd Lehman) writes:
>
> > die "Illegal characters in filename $dat"
> > if $dat =~ m/[^a-zA-Z0-9_\-\.]/;
>
> Are you sure this handles all the legal LDraw file names? I think both
> tildes (~) and hashed (#) are legal as well.
Oh. OK, no, it doesn't. Is there a spec somewhere on what characters are
legal? There regex there should be m/[^a-zA-Z0-9_\-\.~#]/ to include ~
and #, but any other characters would need to be scrutinized very carefully
to look for shell escapes. For example, allowing ` or * or / or | in
filenames would present a potential security problem, due to the way Perl's
open() function works*. Maybe sysopen() could be used instead.
--Todd
* Perl's open() function is awesome because it expands shell metacharacters
and makes pipes really easy and all that, but it also makes mischief very
easy...Consider: 0 FILE `rm -fr ~/*`.dat Most of the time, you just want
to open a plain file, so the metacharacter expansion is a PITA, but OTOH
filenames with metacharacters in them are super-dangerous anyway and should
be checked for in any program that communicates with shell scripts and the
like.
|
|
Message is in Reply To:
 | | Re: MPD<->DAT conversion in Perl
|
| (...) Are you sure this handles all the legal LDraw file names? I think both tildes (~) and hashed (#) are legal as well. Sorry if this comment is out of place, as I'm not too familiar with Perl. Other than that, your programs look useful. Fredrik (26 years ago, 21-Feb-99, to lugnet.cad.dev)
|
3 Messages in This Thread:
 
- Entire Thread on One Page:
- Nested:
All | Brief | Compact | Dots
Linear:
All | Brief | Compact
|
|
|
|
