in reply to Re: Re: Perl script to retrieve a webpage using perl
in thread Perl script to retrieve a webpage using perl

You can make the use of wget secure by using the shell's quoting mechanism and environment variables. 

#!/usr/bin/perl -Tw

use strict;

$ENV{PATH}="/usr/local/bin:/usr/bin:/bin";
delete $ENV{IFS};
delete $ENV{BASH_ENV};

my $r;

$ENV{s}='`ls`';
$r=`echo "\$s"`;
print $r;


$ENV{s}='; ls';
$r=`echo "\$s"`;
print $r;

$ENV{s}='"; ls';
$r=`echo "\$s"`;
print $r;

[download]
produces 
$ /tmp/t45 
`ls`
; ls
"; ls

You can also use the open(WGET,"|-") construct with exec to do this safely. 


use strict;

$ENV{PATH}="/usr/local/bin:/usr/bin:/bin";
delete $ENV{IFS};
delete $ENV{BASH_ENV};

sub readoutput
{
  my $ret;
  my $pid = open(OUT,'|-');
  defined($pid) or die;
  if ($pid)
  {
    #parent
    $ret = join('',<OUT>);
    close(OUT)
      or die;
    
  }
  else
  {
    #child
    exec(@_);
  }
  $ret;
}

my($r,$s);
$s='`ls`';
$r=readoutput('echo',$s);
print $r;


$s='; ls';
$r=readoutput('echo', $s);
print $r;

$s='"; ls';
$r=readoutput('echo',$s);
print $r;

[download]
produces: 
$ /tmp/t46
`ls`
; ls
"; ls

I agree in general that this is a less safe approach, but if it's the only option it can be done safely.

In Section Seekers of Perl Wisdom