in reply to qr/string/ is not the same as qr/$var/ ?

Now all is fine, but the cure is worse than the disease. Any person reading the code will quickly spot that they could have a lot of fun by specifying a pattern such as /.`rm -rf /`./ and then you are in a world of pain.
Only if your code is SUID (or SGID). Otherwise, if they want to remove all files they can, they just type rm -rf from the prompt to get the same effect.

Re^2: qr/string/ is not the same as qr/$var/ ?
by Whitehawke (Pilgrim) on Apr 19, 2005 at 17:08 UTC
    First, that presupposes that they have a shell account on the machine. They may not. Second, that would allow them to remove all files that /they/ have access to delete. The OP's program might be (e.g.) a CGI that is not S(U|G)ID but is not run as that user, either.