in reply to Laundering tainted 'eval'

Why read the file and eval when you can do it?

do $usrhash or die "Can't recreate user hash: $! $@";
my %newhash=%$USRLST1;

The Camel 3 taught me that. Now if I could just remember everything else in there I'd be a great perl programmer.

Update: Witty reply replaces boring 'Try this:', Mr. Muskrat 2002-05-10 1423 (GMT -0600)


Who says that programmers can't work in the Marketing Department?
Or is that who says that Marketing people can't program?

Re: Re: Laundering tainted 'eval'
by ariels (Curate) on May 11, 2002 at 09:21 UTC

    But do EXPR is an eval! The docs say:

    do 'stat.pl';
    is just like
    scalar eval `cat stat.pl`;
    ...
    It goes on to list some differences.

    The point about taint mode is not letting your program execute (some, not all!) potentially dangerous operations. Replacing an eval with do doesn't do that...

      I never said it wasn't...
      only why read the file and eval when you can just do it.
      You save programming time, it's less lines of code, yadda yadda and it just sounds cooler.

      Who says that programmers can't work in the Marketing Department?
      Or is that who says that Marketing people can't program?
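
The difference the thread turns on, as an added example that is not code from any of the posts: under taint mode a string eval of file contents is refused, while do FILE runs the same contents unchecked. It assumes a perl built with taint support and started as perl -T; the script name, the file contents and the name=value data format are constructed for the illustration.

```perl
#!/usr/bin/perl -T
# Added illustration; run as: perl -T taint_do_demo.pl (hypothetical file name)
use strict;
use warnings;
use Scalar::Util qw(tainted);
use File::Temp qw(tempfile);

our $RAN = 0;   # incremented by the constructed file each time it executes

# Write constructed sample content to a private temp file, return its path.
sub sample_file {
    my ($content) = @_;
    my ($fh, $path) = tempfile(UNLINK => 1);
    print {$fh} $content;
    close $fh or die "close: $!";
    return $path;
}

sub slurp {
    my ($path) = @_;
    open my $in, '<', $path or die "open $path: $!";
    local $/;
    return scalar <$in>;
}

# Constructed stand-in for the thread's user-hash file (Perl source).
my $perl_file = sample_file(qq{\$main::RAN++;\n\$main::USRLST1 = { alice => 'admin' };\n});
my $code = slurp($perl_file);
print "contents tainted: ", (tainted($code) ? 'yes' : 'no'), "\n";

# String eval of the tainted contents is refused by taint mode.
eval { eval $code; 1 } or print "eval refused: $@";
print "after eval, RAN=$RAN\n";

# do FILE compiles and runs the same contents with no taint check on them.
do $perl_file;
print "after do,   RAN=$RAN\n";

# Alternative: keep data, not code, in the file and accept only strict lines.
my $data_file = sample_file(qq{alice=admin\nbob=guest\neve=guest; print "x"\n});
my %users;
for my $line (split /\n/, slurp($data_file)) {
    if ($line =~ /\A([a-z][a-z0-9_]{0,31})=([a-z]{1,16})\z/) {
        $users{$1} = $2;    # captures are untainted and never executed
    } else {
        warn "rejected line: $line\n";
    }
}
print "$_ => $users{$_}\n" for sort keys %users;
```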