md_syslog (was Re: [Mimedefang] Woes following an OS upgrade)
Philip Prindeville
philipp_subx at redfish-solutions.com
Tue Nov 7 17:50:43 EST 2006
David F. Skoll wrote:
>Philip Prindeville wrote:
>
>
>
>>Hmm. syslog() already has printf-style formatting... should the wrapper
>>occlude that functionality?
>>
>>
>
>Yes, because it's superfluous in Perl. Just use variable interpolation
>directly.
>
>
Doesn't work with hex, or floats, etc. obviously. Just strings and
integers.
>>And what about callers that have to call sprintf directly if they want to
>>handle multiple arguments?
>>
>>
>
>See above. There's never any need in Perl to use printf-style formatters.
>(Well, *hardly* any. In the unlikely case that you want something like %.10s,
>you can use sprintf.)
>
>
Except for hex, floats, packs, return values from function calls
like inet_ntoa(), etc.
>>How likely is it that there are callers that pass "%" in the message
>>string?
>>
>>
>
>Any caller that has a variable as part of the second argument would have to
>sanitize it. Having the wrapper explicitly provide a "%s" template
>makes it much safer and less error-prone.
>
>--
>David.
>
>
>
Sure. But less functional, too.
I understand that there's a danger going down that path...
Ok, what if we added md_syslog_ and had md_syslog() call into
it with "%s" as the format specifier? That way you could have
the functionality, without having existing clients risk damage.
-Philip
More information about the MIMEDefang
mailing list