Re: Forced resolution of environment variables

"$FRED" only gets expanded if it is in Perl code. It sounds like you have that in data. So post-process your data with:

s/\$([A-Z0-9_]+)/$ENV{$1}/g for $myhash{$mykey}, ...;
[download]

(which doesn't require "use Env;" which is something that I would never use -- it sounds rather dangerous in some situations, allowing people to throw in variables not in your control and just to save you from typing 'ENV{' and '}'.)

- tye

Comment on Re: Forced resolution of environment variables Select or Download Code

Replies are listed 'Best First'.
Re^2: Forced resolution of environment variables by Anonymous Monk on Oct 22, 2004 at 16:36 UTC
That's only "dangerous" in a place were someone else controls your environment. But if someone else controls your environment, even a `use strict` is "dangerous", as that will allow the attacker to execute arbitrary code on your behalf. (Because the attacker can then set `PERL5LIB`, `PERL5OPT`, `PERLIO`, `PERL5SHELL`, and some other variables to make life annoying).	[reply] [d/l]
Re^3: Forced resolution of environment variables by sgifford (Prior) on Oct 22, 2004 at 18:10 UTC
Not in taint mode, which should always be used in any code executing on someone else's behalf.	[reply]
Re^2: Forced resolution of environment variables by Anonymous Monk on Oct 25, 2004 at 14:18 UTC
Thanks, folks. Interesting points about "use Env;" too.	[reply]