我试图围绕这个安全编码示例中发生的事情.
我重写了代码以更好地支持我的问题:
#!/usr/bin/perl
use warnings;
use strict;
use Data::Dumper;
my $prompt = 'name%n'; # The bad coding practice from the exercise.
my $password = 'badpass';
my $is_ok = ($password eq "goodpass");
print Dumper( $is_ok );
print "\n$prompt: Password ok? $is_ok\n";
print Dumper( $is_ok );
$is_ok = ($password eq "goodpass");
printf "\n$prompt: Password ok? %d\n" , $is_ok;
print Dumper( $is_ok );
当我执行脚本时,输出如下:
$ ./authenticate.pl
$VAR1 = '';
name%n: Password ok?
$VAR1 = '';
Missing argument in printf at ./authenticate.pl line 19.
name: Password ok? 0
$VAR1 = 5;
显然,$is_ok通过消耗%n在$prompt其离开%d没有匹配的参数.我不希望$is_ok改变值,为什么$is_ok设置为5printf语句?
因为那是什么%n.
Run Code Online (Sandbox Code Playgroud)%n special: *stores* the number of characters output so far into the next argument in the parameter list
解决方案是:
printf "\n%s: Password ok? %d\n", $prompt, $is_ok;