The code 'if(-e "filename")' tests for existence of a file with name filename in the directory the script containing that code is executed in.
What is doing the name check? Perl? The OS? Bash on POSIX-os?
Would 'if(-e "cat string")' execute the cat command on Linux?
I want to know in order to be able to avert undesired file access like "../file" would access a file in the parent directory.
To share my check code:
if($folder =~ m/$([\\]?\.[\\]?\.|[\\]?\\|[\\]?\/|[\\]?\?|[\\]?*|[\\]?:|[\\]?\||[\\]?\"|[\\]?\<|[\\]?\>)^|$([\\]?\.[\\]?\.|[\\]?\\|[\\]?\/|[\\]?\?|[\\]?*|[\\]?:|[\\]?\||[\\]?\"|[\\]?\<|[\\]?\>)\/|\/([\\]?\.[\\]?\.|[\\]?\\|[\\]?\/|[\\]?\?|[\\]?*|[\\]?:|[\\]?\||[\\]?\"|[\\]?\<|[\\]?\>)\/|\/([\\]?\.[\\]?\.|[\\]?\\|[\\]?\/|[\\]?\?|[\\]?*|[\\]?:|[\\]?\||[\\]?\"|[\\]?\<|[\\]?\>)^|\$'[^']*'/)
{
#error
}
Updated regular expression:
if($folder =~ m/(\/|\\)|$([\\]?\.[\\]?\.^|$[\\]?(\*|\?)^|\$'[^']*'/)
{
#error
}
Explanation: $folder shall be a pure filename already. If it contains Windows or POSIX path separators or is (any escaped) parent directory back link or is (any escaped) wild card (as that matches the first matching file and returns true on Mac OS X at least) or contains a C ANSI escape sequence anywhere, signal error. Anything else, even if not legal or if shady, should simply return a "file not exists" and thus may be supplied to an 'if(-e $folder)'.
The operating system does. Perl's call to -e (as well as others like -s) is implemented by calling the C library function stat.
There is no shell involved, and therefore "cat some_file" will not be executed. Instead the OS looks for a file called "cat some_file".
stat can, of course, be called with relative path names. If you don't want that then strip away everything but the file name + extension. There are Perl modules for this kind of thing.
I don't want to debug/look into your proposed regular expression because it is, quite honestly, completely unreadable and unmaintainable.
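The approach the answer describes (accept only a bare file name, then let -e hand the path to stat), as an added example that is not part of the original question or answer. The helper names safe_name and exists_in, the character allowlist, and the sample inputs are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use File::Basename qw(basename);
use File::Spec;
use File::Temp qw(tempdir);

# Accept only a single path component built from an allowlist of characters
# (the allowlist is an assumption; widen it to fit your naming scheme).
sub safe_name {
    my ($name) = @_;
    return unless defined $name;
    return unless $name =~ /\A[A-Za-z0-9._-]{1,255}\z/;  # no separators, quotes, wildcards
    return if $name eq '.' || $name eq '..';             # no directory links
    return unless basename($name) eq $name;              # module agrees it is a bare name
    return $name;
}

# Test for existence strictly inside $base_dir. -e ends up in stat(); no shell runs.
sub exists_in {
    my ($base_dir, $name) = @_;
    my $safe = safe_name($name);
    return 0 unless defined $safe;
    my $path = File::Spec->catfile($base_dir, $safe);
    return -e $path ? 1 : 0;
}

# Constructed sample data: a scratch directory holding one file.
my $dir = tempdir(CLEANUP => 1);
open(my $fh, '>', File::Spec->catfile($dir, 'report.txt')) or die "open: $!";
close($fh);

# Constructed inputs: two plain names, then names the check must refuse.
for my $input ('report.txt', 'missing.txt', '../report.txt', '..',
               'cat report.txt', 'a\\b', '*.txt', "\$'x'") {
    my $verdict = defined safe_name($input) ? 'accepted' : 'rejected';
    printf "%-16s %-9s exists=%d\n", $input, $verdict, exists_in($dir, $input);
}
```

Matching against an allowlist of permitted characters keeps the pattern short enough to review, and anything outside it is refused before the path ever reaches -e.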