Commit
* Rewrite printf command to not use eval()
* Format string is parsed into a list of literal substrings and format specifiers
* The print loop executes at least once; missing arguments are implied as 0 for numbers and '' for strings
* Remove RESTRICTIONS section from pod now that we check input and don't allow arbitrary things into eval()
* Previous version could be exploited like this: perl printf '";;CORE::dump();";dumpassaasdasd' Aborted
* test1: perl printf 'hey%d' --> implicit argument of zero, "hey0"
* test2: perl printf 'hey%d' 1 --> explicit argument, "hey1"
* test3: perl printf 'hey%d' 1 2 3 --> format string applied 3 times, "hey1hey2hey3"
* test4: perl printf '%20s:%-20s' pri ntf --> length specifier with string, " pri:ntf "
* test5: perl printf --> error, at least the format string is required
* test6: perl printf "\tX\r\n" | xxd --> c-escapes produce hex output: 0958 0d0a
* test7: perl printf '' --> empty format string is not an error; no output
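The approach the commit message describes, as an added sketch that is not the commit's own code: the format is tokenized into literals and validated specifiers, and each specifier is passed to sprintf with exactly one argument, so no user input reaches eval(). The names `parse_format`, `render` and `%ESC`, the accepted conversion letters and the escape subset are assumptions made for this example.

```perl
# Added illustration, not the commit's code: printf without eval().
use strict;
use warnings;

# C-style escapes handled by this sketch (a subset chosen for the example).
my %ESC = (n => "\n", t => "\t", r => "\r", a => "\a", b => "\b",
           f => "\f", v => "\x0b", '\\' => '\\');

# Split a format string into [lit => text] and [spec => '%..', type] tokens.
# Anything that is not a literal, a known escape or a whole specifier is rejected.
sub parse_format {
    my ($fmt) = @_;
    my @tokens;
    while (length $fmt) {
        if ($fmt =~ s/\A%%//) {
            push @tokens, [lit => '%'];
        } elsif ($fmt =~ s/\A(%[-+ 0#]*\d*(?:\.\d+)?([diouxXeEfgGs]))//) {
            push @tokens, [spec => $1, $2];
        } elsif ($fmt =~ s/\A\\(.)//s) {
            push @tokens, [lit => exists $ESC{$1} ? $ESC{$1} : "\\$1"];
        } elsif ($fmt =~ s/\A([^%\\]+)//) {
            push @tokens, [lit => $1];
        } else {
            die "printf: invalid format near '$fmt'\n";
        }
    }
    return @tokens;
}

# Render the format at least once and reuse it while arguments remain.
sub render {
    my ($fmt, @args) = @_;
    my @tokens = parse_format($fmt);
    my $nspec  = grep { $_->[0] eq 'spec' } @tokens;
    my $out    = '';
    do {
        for my $t (@tokens) {
            if ($t->[0] eq 'lit') { $out .= $t->[1]; next }
            my $arg = shift @args;
            # Missing argument: '' for %s, 0 for numeric conversions.
            $arg = $t->[2] eq 's' ? '' : 0 unless defined $arg;
            $out .= sprintf $t->[1], $arg;   # one validated spec, one argument
        }
    } while (@args && $nspec);
    return $out;
}

die "usage: printf format [argument ...]\n" unless @ARGV;
print render(@ARGV);
```

With this structure the string from the "could be exploited" bullet contains no `%` or backslash, so it becomes a single literal token and is printed unchanged.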