On that qx again:
Is it really a security issue if I do:
qx{./hook-start} if (-x './hook-start');
And similar with the other hooks?
I mean that are shell scripts the user writes himself as these should be executed on certain events. How is this supposed to create a shell injection?
That would be the case if the argument to qx would be (there are other places) in a variable - yes?
But not in these cases. Just asking...
Rico
If there's no arguments, or the command is hard coded, there's no security issue with backticks/qx to the best of my knowledge.