in reply to Re: Laundering tainted 'eval'
in thread Laundering tainted 'eval'

But "do EXPR" is an eval! The docs say:

    do 'stat.pl';
    is just like
    scalar eval `cat stat.pl`;
    ...

It goes on to list some differences.

The point about taint mode is not letting your program execute (some, not all!) potentially dangerous operations. Replacing an eval with do doesn't do that...
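The following script is an added illustration of the point made above; it is not part of the thread and not code from any poster. It assumes a Perl 5 interpreter that applies the "Insecure dependency" check to both eval STRING and the file name given to do (the behaviour documented in perlsec and perldiag), and it uses only the core modules File::Temp and Scalar::Util. The sample "plugin" file it writes is constructed for the demonstration. Run it as `perl -T taint_demo.pl`: it shows that eval of slurped (tainted) file contents is refused, that do with a clean path runs the very same contents without any taint check on them, that do with a tainted path is refused, and that laundering the contents through a regex capture only removes the taint flag, not the risk.

```perl
# Run as:  perl -T taint_demo.pl      (added example, not from the thread)
use strict;
use warnings;
use File::Temp qw(tempfile);
use Scalar::Util qw(tainted);

# Taint tracking must be switched on from the command line (-T); it cannot
# be enabled after the script has started compiling.
die "run this with: perl -T $0\n" unless ${^TAINT};

# Constructed sample: a tiny "plugin" file of the kind the thread loads with
# do or eval. Its contents stand in for whatever ended up on disk.
my ($fh, $path) = tempfile(SUFFIX => '.pl', UNLINK => 1);
print {$fh} "my \$answer = 40 + 2;\n\$answer;\n";
close $fh or die "close: $!";

# Slurp the file the way the "read it, then eval it" approach does.
# Anything read from a filehandle is tainted.
open my $in, '<', $path or die "open $path: $!";
my $code = do { local $/; <$in> };
close $in;
printf "file contents tainted?   %s\n", tainted($code) ? 'yes' : 'no';

# 1. eval STRING on tainted data: perl refuses before compiling it.
sub eval_string {
    my ($src) = @_;
    my $value = eval $src;        # the taint check applies to $src itself
    my $err   = $@;
    chomp $err;
    return ($value, $err);
}

# 2. do FILE: only the path is checked. The code inside the file runs with
#    no taint check at all, which is why swapping eval for do does not buy
#    the protection taint mode was meant to give.
sub do_file {
    my ($file) = @_;
    my $value = eval { do $file };   # block eval catches the taint croak
    my $err   = $@;
    chomp $err;
    return ($value, $err);
}

# 3. "Laundering": a regex capture strips the taint flag without making the
#    text any safer. Same bytes, same risk; the interpreter just stops
#    complaining.
sub launder {
    my ($tainted) = @_;
    my ($clean) = $tainted =~ /\A(.*)\z/s;
    return $clean;
}

sub describe {
    my ($value, $err) = @_;
    return "refused: $err" if $err =~ /Insecure dependency/;
    return "error: $err"   if length $err;
    return 'ran, got ' . ($value // 'undef');
}

my ($v, $e);

($v, $e) = eval_string($code);
printf "eval tainted string    -> %s\n", describe($v, $e);

($v, $e) = do_file($path);
printf "do clean path          -> %s\n", describe($v, $e);

# A path derived from tainted input: concatenating an empty substring of a
# tainted value is enough to mark the whole string tainted.
my $tainted_path = $path . substr($code, 0, 0);
printf "derived path tainted?    %s\n", tainted($tainted_path) ? 'yes' : 'no';
($v, $e) = do_file($tainted_path);
printf "do tainted path        -> %s\n", describe($v, $e);

my $laundered = launder($code);
printf "laundered copy tainted?  %s\n", tainted($laundered) ? 'yes' : 'no';
($v, $e) = eval_string($laundered);
printf "eval laundered string  -> %s\n", describe($v, $e);
```

The run to watch is the second one: do with a clean path executes exactly the bytes that eval refused a line earlier, so the only thing the taint check ever guarded was the origin of the string, never the content of the file. Whether a file is trusted has to be decided by who can write to it and how its path was chosen, not by which keyword loads it.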

Re: Re: Re: Laundering tainted 'eval'
by Mr. Muskrat (Canon) on May 12, 2002 at 21:23 UTC
    I never said it wasn't...
    Only, why read the file and eval when you can just do it?
    You save programming time, it's fewer lines of code, yadda yadda, and it just sounds cooler.

    Who says that programmers can't work in the Marketing Department?
    Or is that who says that Marketing people can't program?