Perl::Critic::Policy::InputOutput::RequireEncodingWithUTF8Layer - Write C<< open $fh, q{<:encoding}, $filename; >> instead of C<< open $fh, q{{<:utf8}, $filename; >>. |
Perl::Critic::Policy::InputOutput::RequireEncodingWithUTF8Layer - Write open $fh, q{<:encoding(UTF-8)}, $filename;
instead of open $fh, q{{<:utf8}, $filename;
.
This Policy is part of the core Perl::Critic distribution.
Use of the :utf8
I/O layer (as opposed to :encoding(UTF8)
or
:encoding(UTF-8)
) was suggested in the Perl documentation up to
version 5.8.8. This may be OK for output, but on input :utf8
does not
validate the input, leading to unexpected results.
An exploit based on this behavior of :utf8
is exhibited on PerlMonks
at http://www.perlmonks.org/. The exploit involves a
string read from an external file and sanitized with m/^(\w+)$/
,
where $1
nonetheless ends up containing shell meta-characters.
To summarize:
open $fh, '<:utf8', 'foo.txt'; # BAD open $fh, '<:encoding(UTF8)', 'foo.txt'; # GOOD open $fh, '<:encoding(UTF-8)', 'foo.txt'; # BETTER
See the Encode documentation for the difference between
UTF8
and UTF-8
. The short version is that UTF-8
implements the
Unicode standard, and UTF8
is liberalized.
For consistency's sake, this policy checks files opened for output as
well as input, For complete coverage it also checks binmode()
calls,
where the direction the operation can not be determined.
This Policy is not configurable except for the standard options.
Because Perl::Critic
does a static analysis, this policy can not
detect cases like
my $encoding = ':utf8'; binmode $fh, $encoding;
where the encoding is computed.
perldoc -f binmode
http://www.socialtext.net/perl5/index.cgi
Thomas R. Wyant, III wyant at cpan dot org
Copyright (c) 2010-2011 Thomas R. Wyant, III
This program is free software; you can redistribute it and/or modify it under the same terms as Perl itself.
Perl::Critic::Policy::InputOutput::RequireEncodingWithUTF8Layer - Write C<< open $fh, q{<:encoding}, $filename; >> instead of C<< open $fh, q{{<:utf8}, $filename; >>. |