in reply to Re: Force Ascii Write
in thread Force Ascii Write

As formatting marks. Good catch. The first argument of printf (not counting the file handle) is the format string. % is a special character in the format string. A spate of vulnerabilities that surfaced last year were caused by user text being used as a format string.

If you do need to use printf for whatever reason, there are a couple of alternatives:

printf BIDWATCH '%s', $part->bodyhandle->as_string;
and
$s = $part->bodyhandle->as_string;
$s =~ s/%/%%/g;
printf BIDWATCH $s;
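
The difference between these forms, as an added example that is not part of the original post: it writes one message body through printf with the text as the format, through the two alternatives above, and through print, then reports whether the file contents match the input. The lexical in-memory filehandle stands in for BIDWATCH, and the sample body is constructed.

```perl
use strict;
use warnings;

# Constructed sample: a message body that happens to contain '%'.
my $body = "Current bid is 50% done, seller note: 100%sure\n";

# Each writer receives an open filehandle and the untrusted text.
my @writers = (
    # Text used as the format string: '%' sequences get interpreted.
    [ 'printf, text as format' => sub { my ($fh, $s) = @_; printf {$fh} $s } ],
    # Fixed format string; the text is only ever an argument.
    [ "printf '%s', text"      => sub { my ($fh, $s) = @_; printf {$fh} '%s', $s } ],
    # Every '%' doubled so printf emits it literally.
    [ 'printf, % doubled'      => sub {
        my ($fh, $s) = @_;
        (my $escaped = $s) =~ s/%/%%/g;
        printf {$fh} $escaped;
    } ],
    # No format string involved at all.
    [ 'print'                  => sub { my ($fh, $s) = @_; print {$fh} $s } ],
);

for my $w (@writers) {
    my ($label, $code) = @$w;
    my ($buf, @warned) = ('');
    open my $fh, '>', \$buf or die "cannot open in-memory file: $!";
    {
        # Collect perl's own complaints about the format string.
        local $SIG{__WARN__} = sub { push @warned, $_[0] };
        $code->($fh, $body);
    }
    close $fh or die "close failed: $!";
    printf "%-24s %-8s warnings=%d\n",
        $label, ($buf eq $body ? 'intact' : 'mangled'), scalar @warned;
}
```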

Re^3: Force Ascii Write
by Kzin (Acolyte) on Apr 06, 2006 at 18:30 UTC
    Thanks for those tips, I'll remember it for next time. I think I should use print on the other files I am receiving as well, just to make sure I am not exposing a vulnerability.

    By Kzin