
Re: User regexps

by Abigail-II (Bishop)
on Jan 14, 2004 at 15:39 UTC ( [id://321275]=note )


in reply to Re: User regexps
in thread User regexps

And you should of course be aware of source code injection. Suppose the user specifies: "a/; system( 'some evil command' ); m/a" and your code is:
eval "m/$query/";
But that's not the code! Read the post. The code is:
my $re = $_->regex; $matchtext =~ /$re/i;
There's no danger of source code injection here (unless there's an unseen use re 'eval' in an enclosing scope).

Abigail

Replies are listed 'Best First'.
Re: Re: User regexps
by dd-b (Monk) on Jan 14, 2004 at 18:22 UTC
    Took me a while to understand why the second was safe and the first wasn't. Thanks for putting them side by side, clearly labeled, for me to think about. I would have used the second without worry, and the first (anything with an eval on user data) always worries me, but that's just habit. Looking at these two examples bumped it back up to real understanding again, which is always nice.
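
Added example, not part of the original thread: the two forms discussed above run against the same user input, showing that an interpolated pattern is only ever compiled as a regex, while the string eval parses it as Perl source. The helper `compile_user_re`, the marker sub `mark`, and the sample patterns and text are hypothetical and constructed for illustration.

```perl
use strict;
use warnings;

our $ran = 0;
sub mark { $ran++ }    # harmless stand-in for the system() call in the thread

# Constructed sample inputs, not taken from the thread.
my $text     = 'xx foobar xx';
my @patterns = (
    'fo+bar',                     # ordinary pattern
    q{a/; main::mark(); m/a},     # the injection shape quoted above
    '(?{ main::mark() })foo',     # embedded code block
    'foo(',                       # syntax error
);

# Hypothetical helper: compile user input by interpolation only. The block
# eval traps compile errors; it never parses $pat as Perl source.
sub compile_user_re {
    my ($pat) = @_;
    my $re = eval { qr/$pat/i };
    return ($re, $@);
}

for my $pat (@patterns) {
    my ($re, $err) = compile_user_re($pat);
    if (!defined $re) {
        chomp $err;
        print "[$pat] rejected: $err\n";
        next;
    }
    print "[$pat] ", ($text =~ $re ? 'matches' : 'no match'), "\n";
}
print "mark() calls after interpolated matches: $ran\n";

# The string-eval form, for contrast: the same input is parsed as Perl
# source, so the call sitting between the two matches is executed.
{
    local $_ = $text;
    my $query = $patterns[1];
    eval "m/$query/";
}
print "mark() calls after string eval: $ran\n";
```

Adding `use re 'eval';` to the enclosing scope would let the third pattern compile and call `mark()`, which is the exception noted in the post.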