in reply to Security with /ee modifier

I think some nasties could be concocted with unlink or rename.

I'm not sure what you're doing with the nested quotations, s/$this/qq{qq{$with}}/gee. It seems like $with is all that's needed there to do what you want.

This strikes me as a dangerous thing, not easily untainted.

Added: Ah, now I see, the nested quotes isolate the replacement expression from actual execution. Nice!

$ perl -e'$with=q(print "baz");$_="foobar";s/(foo)(bar)/qq(qq($with))/ee;print'
print "baz"$
That's much less dangerous than I thought at first.

Added again - Quote punctuation can be inserted with dire effects,

perl -e'$with=q/$2$1);print "baz";(/;$_="foobar";s/(foo)(bar)/qq(qq($with))/ee;print'
baz$
Uh-oh!

After Compline,
Zaxo
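An added example, not part of the posts in this thread: one way to get $1/$2 interpolation from an untrusted replacement string without /ee, so that quote punctuation in it stays inert text. The names expand_template and safe_subst are hypothetical, the sample inputs are constructed from the one-liners above, and the search pattern is assumed to come from the programmer rather than from the user.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Expand only $N / ${N} references in an untrusted template.
# Every other character is copied through as literal text; nothing is eval'd.
sub expand_template {
    my ($template, @caps) = @_;
    my $lookup = sub {
        my $n = shift;
        return ($n >= 1 && $n <= @caps && defined $caps[$n - 1])
            ? $caps[$n - 1]
            : '';    # unknown or unset group expands to nothing
    };
    (my $out = $template)
        =~ s!\$(?:\{(\d+)\}|(\d+))!$lookup->(defined $1 ? $1 : $2)!ge;
    return $out;
}

# Replace every match of a trusted pattern using an untrusted template.
# A single /e runs only our own code; the template is data passed to it.
sub safe_subst {
    my ($text, $pattern, $template) = @_;
    $text =~ s{$pattern}{
        my @caps = map {; no strict 'refs'; ${$_} } 1 .. $#+;
        expand_template($template, @caps);
    }ge;
    return $text;
}

# Constructed sample inputs: a benign template, the code-like string from
# the first one-liner, and the quote-closing string from the second.
my @templates = (
    '$2-$1',
    'print "baz"',
    '$2$1);print "baz";(',
);

for my $with (@templates) {
    printf "%-24s => %s\n", $with, safe_subst('foobar', qr/(foo)(bar)/, $with);
}
```

Because the expanded text is never rescanned or evaluated, a captured value that itself contains $1 or a closing parenthesis is also copied through unchanged.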

Re^2: Security with /ee modifier
by richard5mith (Beadle) on Sep 26, 2004 at 15:15 UTC

    Unlink just gets printed.

    $with on its own doesn't work. The output is 1985. (2004 minus 9 minus 10). One qq{} does the same. Two qq{}'s gives the correct output.

    As taken from another perlmonk's post.