...
This compliant solution again sanitizes the untrusted user input. However, it uses the multi-arg form of open().
| Code Block | ||||
|---|---|---|---|---|
| ||||
my $file; |
...
my $dir = $ARGV[0]; |
...
croak "Argument contains unsanitary characters, stopped" if ($dir =~ m|[^-A-Za-z0-9_/.~]|); |
...
open( my $listing, "-|", "ls", "-F", $dir) or croak "error executing command: stopped"; |
...
while (<$listing>) { |
...
print "Result: $_"; |
...
} |
...
close( $listing); |
The perlfunc manpages states, regarding all but the first two arguments to open():
...