Help with use of `` vs exec

Hi all,
I had an issue regarding the use of `` or exec in Perl. `` are considered to be unsafe. Why? In my case a user would be giving some parameters as input and I will form a command from them and execute it using ``. It is important to capture the output as I have to parse it. I also need to know the success or failure of the command. There are many such commands, so use of open() to execute the command won't help.
I am clearing the input parameters if they contain the following metacharacters:
$cmd =~ s/&|;|\`|\"|\*|\?|~|\(|\)|\[|\]|\n|\r/-/g;
Is this a good solution? I assume this is what taint mode does.
If I have to use exec and pass command as array as well as capture output, how can I do that?

Thanks,
Akshay
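
An added example, not part of the original post: one way to do what the last question asks on a Unix-like system, using a forking pipe open plus list-form exec so that no shell ever parses the arguments, while still capturing the output and exit status. The helper name run_capture and the sample input are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# run_capture(@cmd) - hypothetical helper: run a command without a shell and
# return (exit_status, captured_stdout). Each list element reaches the program
# as one argv entry, so ; | & $ ` and friends are just ordinary characters.
sub run_capture {
    my @cmd = @_;
    die "no command given\n" unless @cmd;

    # Two-argument open with '-|' forks; the child's STDOUT is piped to $fh.
    my $pid = open(my $fh, '-|');
    die "fork failed: $!\n" unless defined $pid;

    if ($pid == 0) {
        # Child. The indirect-object form of exec bypasses the shell even
        # when @cmd holds a single element.
        exec { $cmd[0] } @cmd
            or die "exec $cmd[0] failed: $!\n";
    }

    # Parent: slurp everything the child writes to STDOUT.
    my $output = do { local $/; <$fh> };
    $output = '' unless defined $output;

    # close() on a pipe handle waits for the child and sets $?.
    close($fh);
    die "$cmd[0] terminated by signal " . ($? & 127) . "\n" if $? & 127;

    return ($? >> 8, $output);
}

# Constructed sample input containing characters a shell would act on.
my $user_input = 'report.txt; echo INJECTED';

# The current Perl interpreter ($^X) stands in for the real external command:
# it echoes its first argument and exits with status 3.
my ($status, $out) = run_capture(
    $^X, '-e', 'print "arg=[$ARGV[0]]\n"; exit 3', $user_input,
);

print "exit status: $status\n";
print "captured:    $out";
```

Because the argument list is handed to exec directly, input validation becomes a question of what the target program accepts (for example, rejecting values that begin with `-`), not of which shell metacharacters to strip.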