in reply to Re^2: Launching Internet Explorer
in thread Launching Internet Explorer

ikegami, granted that your method works.  But it's a wee bit vague just to say it's safer to avoid the shell.  Could you be so kind as to explain why it's safer?

Thanks for the information about "start"; that seems quite useful.


s''(q.S:$/9=(T1';s;(..)(..);$..=substr+crypt($1,$2),2,3;eg;print$..$/

Re^4: Launching Internet Explorer
by Raster Burn (Beadle) on Sep 26, 2006 at 17:35 UTC
    In your case, I don't think it's safer. If $link was set by the user, he can set it to something like 'http://own3d.com ; format c:' (I just made that up). I'm not sure if that's a valid shell script in cmd.exe, but you get the picture. If you use the shell-safe construct, it would look to the shell like ie.exe 'http://own3d.com ; format c:', where $link is one parameter. There's no chance for the user to do nasty things via the shell.
Re^4: Launching Internet Explorer
by ikegami (Patriarch) on Sep 26, 2006 at 17:16 UTC
    When passing a command line to the shell, it must be properly quoted and escaped. When using the list form of system and exec, the shell is not invoked, so no quoting and escaping is needed.
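
The difference the two replies describe, shown side by side as an added example that is not part of any poster's message. It assumes a POSIX /bin/sh (cmd.exe uses different metacharacters, but the principle is the same); the `$link` value is constructed and harmless, and the temporary child script is a hypothetical stand-in for the browser that only prints the arguments it receives.

```perl
#!/usr/bin/perl
# Added example: single-string system() versus list-form system().
use strict;
use warnings;
use File::Temp qw(tempfile);

$| = 1;    # keep the parent's output in order with the child's

# Constructed stand-in for a user-controlled $link.
my $link = 'http://example.com ; echo INJECTED-COMMAND-RAN';

# Hypothetical stand-in for the browser executable: it launches nothing,
# it just reports each argument it was handed.
my ($fh, $child) = tempfile(SUFFIX => '.pl', UNLINK => 1);
print {$fh} 'print "  arg[$_] = <$ARGV[$_]>\n" for 0 .. $#ARGV;', "\n";
close $fh or die "close: $!";

# String form: the line contains a shell metacharacter, so perl hands it
# to the shell, which splits it at ';' and runs the second part itself.
print "String form (the shell parses the line):\n";
system("$^X $child $link") == 0 or warn "string form failed: $?\n";

# List form: no shell is involved, so $link arrives as exactly one
# argument with its spaces and ';' intact.
print "List form (no shell, \$link is one argument):\n";
system($^X, $child, $link) == 0 or warn "list form failed: $?\n";
```

In the string-form run the child sees only `http://example.com` and the shell prints `INJECTED-COMMAND-RAN` on its own; in the list-form run the child sees the whole string as `arg[0]` and nothing else executes.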