in reply to Configurable comparisons

Just answering the question as asked.

It's not complicated, but don't look at the extra backslashes and '$' and think you can ignore them...the key is to understand them. 

my $status = "false";

do_eval( "status", "eq", "false" );
do_eval( "status", "eq", "true" );

sub do_eval {
  my ($var, $op, $val) = @_;

  print "\$$var $op \"$val\": ";

  eval "if(\$$var $op \"$val\") {print 'Equal';} else{print 'Not';}";

  print "\n";
}

[download]

Replies are listed 'Best First'.
Re: Re: Configurable comparisons
by dash2 (Hermit) on Feb 27, 2002 at 13:18 UTC
    No reason why you shouldn't answer the question as asked but be sure to point out the extreme vulnerability in the code.

    For example, suppose param('op') is and exec 'rm -rf /' and . This will then evaluate if ($status and exec 'rm -rf /' and "true") ..., which will attempt to wipe all files on your machine.

    dave hj~

[reply]
[d/l]
[select]

In Section Seekers of Perl Wisdom