With great trepidation, I have to say that there is a way to pull this off. You could check out PadWalker. From the description:
PadWalker is a module which allows you to inspect (and even change!) lexical variables in any subroutine which called you. It will only show those variable which are in-scope at the point of the call.
This software appears to be brand new, so use it with care. What I want to know, however, is how you can justify a need for something like this. Yes, I've read the rest of the thread about how you don't need to worry about malicious code because it's being supplied by programmers in your company (what if they write really awful code? what if one of them is quitting and has a nice time bomb in the code?), but I still wonder what problem you are really trying to solve. For the vast majority of programmers, when the apparent solution is terribly convoluted and requires "tricks" to pull off, this suggests that you should rethink the problem. In other words, if you back up a step and let us know what you're trying to do, maybe we can offer safer alternatives.
Cheers,
Ovid
Join the Perlmonks Setiathome Group or just click on the the link and check out our stats.
| [reply] |
Hi Ovid, Thanks for the link to PadWalker. I can think of one good use myself. I have a module that represents account configuration information. (Accounts don't have access to them.). It's stored in a tied hash but will evaluate scalars with a s///e when they are fetched.
This lets me say 'signup.confirm' => "Thank you $name, we will notify you shortly." in the general config. This way, I can easily customize our programs for clients. The tie module has an alias function so I can say call hash_alias( qw ($name) );. Which when the value is retrieved, it will print the correct $name. Currently, this means $name has to be a package variable for this to work.
With Padwalker, I can get around this. (We are only reading their values from here, never ever setting.) I suppose if I wanted to be extremely careful, I could assign the peek_my to a read only %hash with weakened references.
-Lee
"To be civilized is to deny one's nature."
| [reply] [d/l] |
| [reply] |
Safe won't work, I specifically want the eval'ed code to
be able to access the current namespace. The "users" in
this case are other perl programmers here at my company so I'm not worried about malicious code being entered.
| [reply] |
Well, use strict to do this.
Or, use a tied hash that catches references to non-existent keys.
| [reply] |