Re^2: Bad code from the trenches

How big is FILE? Why are you reading it completely into RAM before using it?
Fix: Iterate over FILE in a while-loop.

And that only works if the file has reasonably long lines. You are still in trouble if they give you '/dev/zero' as the filename. Even if the files can not be picked from a list, at least the program should ensure that they are located in a "reasonable" directory.

Comment on Re^2: Bad code from the trenches

Replies are listed 'Best First'.
Re^3: Bad code from the trenches by dragonchild (Archbishop) on Mar 18, 2005 at 13:57 UTC
Define "reasonable" in a platform-independent way. Or, is this something that should be included in File::Spec? Who gets to make that list? In other words, /dev is perfectly reasonable on Win32 and /Windows is perfectly reasonable on Linux. Now what? Being right, does not endow the right to be rude; politeness costs nothing. Being unknowing, is not the same as being stupid. Expressing a contrary opinion, whether to the individual or the group, is more often a sign of deeper thought than of cantankerous belligerence. Do not mistake your goals as the only goals; your opinion as the only opinion; your confidence as correctness. Saying you know better is not the same as explaining you know better.	[reply]
Re^4: Bad code from the trenches by itub (Priest) on Mar 18, 2005 at 20:37 UTC
Who says it must be platform independent? Not every script ever written needs to be portable. What is reasonable depends on the application, so I don't think it's something you can put on File::Spec. For example, if you are writing a CGI that is supposed to serve a file to the user, you can probably have all such files confined to a specific directory, and allow only relative filenames that don't contain double dots. To be on the safe side, I would constrain the filename to the smallest possible set of characters, such as /^\w+$/. But again, it depends on the application.	[reply]