I can forgive novices for writing clunky Perl code because they're following the example of far too many books and tutorials. If you date the Perl Renaissance to the year 2000 (as I do), then you can identify code written before that point and code written after that point.
If modern Perl is safer or easier or clearer or simpler or cleaner to write than legacy Perl, then it should be possible to explain how and why to use modern features in lieu of older features.
There are two forms of the
open() function in Perl 5. The modern version takes three arguments: the filehandle to open or vivify, the mode of the filehandle, and the name of the file.
The legacy version has two arguments, only the filehandle and the name of the file. The mode of the file comes from the filename; if the filename starts (or ends) with any of several special characters,
open() parses them off and uses them.
If you accidentally use a filename with those special characters with the
two-arg form of
open(), your code will not behave as you expect.
This is especially a problem if you're not careful about sanitizing user input,
and if any user input ever becomes part of a filename. Consider:
open my $fh, ">$filename" # INSECURE CODE; do not use or die "Can't write to '$filename': $!\n";
While this code appears to open
$filename for writing, an
$filename could start with
> to force
appending mode, or
- to open STDOUT (though I suspect you have to
work really hard to force this). Likewise, code without any explicit mode in
the second and final parameter is susceptible to any special mode
Extracting file modes into a separate parameter to this function prevents Perl from parsing the filename at all and removes the possibility for this unintentional behavior. As Damian Conway has mentioned, using a separate file mode parameter also makes the intention of the code clearer:
open my $fh, '>', $filename # safer and clearer or die "Can't write to '$filename': $!\n";
The modern version of this code is safer and clearer, and it's been available since Perl 5.6.0, released on 22 March 2000. There's no reason not to use the modern version. (If you need your code to run on Perl 5.005, try a core module such as IO::Handle. If you need your code to run on older versions of Perl 5, you have my sympathy.)