Re^3: Usage of File Handles

it does remove some illegal characters (<>|*?) from the name that obviously should not occur in a file name

Those are all perfectly valid characters in many *NIX OSes, see e.g. this. I also don't understand why some of those characters are simply removed and others cause the string to be cut off at that point.

Okay, I was told earlier that when we open a file such as open FILEHANDLE, "< $FILE_NAME" then it's a good idea to make sure that $FILE_NAME does not contain any special characters such as | > < because it's a potential vulnerability, especially if you get your file name from some other place like arguments. Your script could be hacked, and it may end up doing something you didn't want.. That's why I check the file name.

Also, there is no point in doing this : open FILEHANDLE, "< *.*" so again those special characters should not appear in that space. It's perfectly okay to include them when you do a search, but not when you're trying to open a file for reading.

Comment on Re^3: Usage of File Handles

Replies are listed 'Best First'.
Re^4: Usage of File Handles by haukex (Archbishop) on Feb 08, 2019 at 17:58 UTC
it's a good idea to make sure that $FILE_NAME does not contain any special characters such as \| > < because it's a potential vulnerability, especially if you get your file name from some other place like arguments Yes, this is true - if you're using the two-argument instead of three-argument open. You said you're using Perl 5.8, where the latter is available. This is another reason that the more modern three-argument `open` and lexical filehandles are recommended. Also, I think that silently deleting characters or chopping off the filename at these characters, which will result in attempting to open a completely different file, is unexpected behavior - IMO it's much better to simply throw an error and refuse to open such a file and let the user figure it out, instead of taking some action that isn't what the user asked for. open FILEHANDLE, "< ." so again those special characters should not appear in that space No, as I said, `'.'` is a valid filename - strange and unusual, but valid. And again, why silently try to open a file named `'.'` instead?	[reply] [d/l] [select]
Re^4: Usage of File Handles by Corion (Patriarch) on Feb 08, 2019 at 17:39 UTC
The potential vulnerability only happens if you do not use the three-argument version of open. Maybe you should upgrade your Perl knowledge a bit.	[reply]