Hi merlyn

I am not a great fan of URI::Escape because (as is noted in the pod) it is much slower than rolling your own (40-700% says the pod) and also has the ability to be called in a dangerous way. eval() always scares me in code because of what you can do if you pass an appropriate value into it. Worse as it is open source you can see just how to do it.

use URI::Escape;
uri_escape(1,'hacker])//; warn "Running arbitrary code!"; s/([hacker')
+;
[download]

I don't quite see how calling $values->{$_} could return a list but....

cheers

tachyon

s&&rsenoyhcatreve&&&s&n.+t&"$'$`$\"$\&"&ee&&y&srve&&d&&print

#build a char->hex map
for (0..255) {
    $escapes{chr($_)} = sprintf("%%%02X", $_);
}

$text =~ s/([^A-Za-z0-9\-_.!~*'()])/$escapes{$1}/g;
[download]

uri_escape($values->{$_})
[download]

If the values are more than one, you get multiple parameters passed. It's this second parameter that's causing fits, and can be a security leak!

$values->{$_} is a scalar, as hash values can only be scalars. A scalar can be a reference, a number, a string or undef, but not multiple values without dereferencing. Or that's how I have always understood scalars. I don't think there's much point in explicitly putting a scalar in scalar context with the scalar operator.

Could you please give me, if possible, an example of a scalar that returns a two-element list?

- Yes, I reinvent wheels.
- Spam: Visit eurotraQ.