To escape the string to be used as shell argument we use the function escapeshellarg()
in PHP
. Does Perl
have an equivalent function ?
String::ShellQuote
, but most of the time this is not needed. You simply can avoid invoking the shell by careful programming. For example, system
takes a list of arguments instead of a string.
Best practice:
use IPC::System::Simple qw(systemx);
systemx($command, @arguments);
require IPC::System::Simple;
use autodie qw(:all);
system([@allowed_exit_values], $command, @arguments);
Perl can match the following stated function:
adds single quotes around a string and quotes/escapes any existing single quotes
http://php.net/manual/en/function.escapeshellarg.php#function.escapeshellarg
like this:
sub php_escapeshellarg {
my $str = @_ ? shift : $_;
$str =~ s/((?:^|[^\\])(?:\\\\)*)'/$1'\\''/g;
return "'$str'";
}
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With