comment on

I prefer this form (it is a little faster, a little shorter and lets you add more args at the cost of a , and the $arg_name).

my( $username, $user ) = @ARGV;
[download]

The multi-arg form of system offers some protection from hacking but remember you are passing $username and $user to the SHELL so it is a good idea to make sure that they only contain non shell chars. Typically you remove everything except your allowed list (it is better to specify what you will allow than try to think of everything bad - you will miss stuff):

$var = ";rm -rf /*;";
my $ILLEGAL_CHARS = qr/[^A-Za-z0-9._-]/;
$var =~ s/$ILLEGAL_CHARS/_/g;
print $var;
[download]

If you were using the single arg form of system and allowed that string (un-sanitized) it would try to execute that command.....

cheers

tachyon

s&&rsenoyhcatreve&&&s&n.+t&"$'$`$\"$\&"&ee&&y&srve&&d&&print

In reply to Re: Re: relaying arguments using system call by tachyon
in thread relaying arguments using system call by jonnyfolk

Posts are HTML formatted. Put <p> </p> tags around your paragraphs. Put <code> </code> tags around your code and data!

Titles consisting of a single word are discouraged, and in most cases are disallowed outright.

Read Where should I post X? if you're not absolutely sure you're posting in the right place.

Please read these before you post! —

Posts may use any of the Perl Monks Approved HTML tags:

a, abbr, b, big, blockquote, br, caption, center, col, colgroup, dd, del, details, div, dl, dt, em, font, h1, h2, h3, h4, h5, h6, hr, i, ins, li, ol, p, pre, readmore, small, span, spoiler, strike, strong, sub, summary, sup, table, tbody, td, tfoot, th, thead, tr, tt, u, ul, wbr

You may need to use entities for some characters, as follows. (Exception: Within code tags, you can put the characters literally.)

	For:		Use:
	&		`&`
	<		`<`
	>		`>`
	[		`[`
	]		`]`

Link using PerlMonks shortcuts! What shortcuts can I use for linking?

See Writeup Formatting Tips and other pages linked from there for more info.