Migrating to perl?

Steve Lamb grey at despair.rpglink.com
Fri Jan 5 17:44:20 EST 2001


On Sat,  6 Jan 2001 02:33:10 +0200 (IST), Moshe Zadka
<moshez at zadka.site.co.il> wrote:
>Well, there isn't anything like taint, but I've found no use for it.
>In Python, you use real functions to do stuff you do via `` in Perl.
>Compare

    Yes, let's compare a lousy Perl example against a good Python example.

>print $_, "\n" for (split ' ', `ls`);

>And

>for file in os.listdir('.'):
>	print file

    and...

opendir(FOO,'.') or die "opendir: $!";
@files = readdir(FOO);
closedir(FOO);
$" = "\n";          # list separator, used when an array is interpolated
print("@files\n");
undef($");

>When trying to list a directory got from a CGI parameter:

>print $_, "\n" for (split ' ', `ls $var`); # security risk: first check $var, -T

>for file in os.listdir(var): # no security risk here
>	print file

opendir(FOO,$var) or die "opendir: $!";
@files = readdir(FOO);
closedir(FOO);
$" = "\n";          # list separator, used when an array is interpolated
print("@files\n");
undef($");

    No security risk there.  

    Just because Perl has the backticks means you have to use them, especially
for trivial things like ls, date, etc!  This is the biggest problem with most
perl scripts I see.  People are lazy and don't find out the internal way to do
something correctly so they just hang shell all over the place.

    Would you say that there is a problem with Python because one can do silly
things with os.open?

>Similarly for other things. AFAIK, the above is the idiomatic Perl to
>do it. Not to mention wildcard interpretation: it's done directly
>by Python, not passed to shell.

    It most certainly is not idiomatic Perl to do it!  It may be lousy,
beginner perl code to do it, but it is certainly not how I would consider a
fair amount of Perl programmers (not beginners) to do things.

-- 
         Steve C. Lamb         | I'm your priest, I'm your shrink, I'm your
         ICQ: 5107343          | main connection to the switchboard of souls.
-------------------------------+---------------------------------------------
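
Added example, not part of the original post: the thread compares listing a directory named by a CGI parameter through the shell with listing it through a library call. The sketch below shows the library route in Python, where shell metacharacters in the parameter are only characters in a file name, and adds a check that the resolved path stays under an allowed base directory. The names list_dir_param, base and webroot, and the directory tree, are constructed for illustration.

```python
import os
import tempfile

def list_dir_param(base, user_value):
    """List a directory named by an untrusted parameter, confined to `base`.

    No shell is involved, so metacharacters in user_value are just characters
    in a file name. The path is resolved and must still lie under `base`.
    """
    base_real = os.path.realpath(base)
    target = os.path.realpath(os.path.join(base_real, user_value))
    # Rejects "..", absolute paths and symlinks that resolve outside base.
    if os.path.commonpath([base_real, target]) != base_real:
        raise ValueError("directory outside allowed base")
    return sorted(os.listdir(target))

def demo():
    """Build a constructed directory tree and try several parameter values."""
    results = {}
    with tempfile.TemporaryDirectory() as root:
        base = os.path.join(root, "webroot")   # hypothetical allowed base
        os.makedirs(os.path.join(base, "pub"))
        for name in ("a.txt", "b.txt"):
            open(os.path.join(base, "pub", name), "w").close()
        open(os.path.join(root, "outside.txt"), "w").close()
        # Constructed inputs: a normal name, two traversal attempts, and a
        # value that a shell would have split into two commands.
        for value in ("pub", "..", os.path.abspath(root), "pub; echo injected"):
            try:
                results[value] = list_dir_param(base, value)
            except (ValueError, OSError) as exc:
                results[value] = type(exc).__name__
    return results

if __name__ == "__main__":
    for value, outcome in demo().items():
        print(repr(value), "->", outcome)
```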


