Re: Laundering tainted 'eval'

Untaint your input string and eval it inside a Safe partition:

  $code = <USRHASH>;
  
  # Blindly untaint
  ( $code ) = ( $code =~ m/(.*)/s );
  
  # Safe eval
  require Safe;
  $USRLST1 = Safe->new->reval( $code );
[download]

The regex removes the taint from $code, and the Safe->new->reval() ensures that the code can only construct a value and return it, without being able to do file I/O, mess with your internal variables, etc. See Safe for more details.

Comment on Re: Laundering tainted 'eval' Download Code