in reply to Re^6: Bad code from the trenches
in thread Bad code from the trenches

There is no other way to force it, except the usual things that imply eval, like writing the string to a file and then require()ing it, using the string in the replacement part of a s///e expression, etc.

Note that the (?{ code }) constructs in regexes are also safe from interpolation in /$regex/ except when you explicitly use re 'eval'

"What should it profit a man, if he should win a flame war, yet lose his cool?"

Replies are listed 'Best First'.
Re^8: Bad code from the trenches
by merlyn (Sage) on Mar 14, 2005 at 14:55 UTC
    Note that the (?{ code }) constructs in regexes are also safe from interpolation in /$regex/ except when you explicitly use re 'eval'
    But that wasn't originally the case when that feature was first to be released. I argued with Ilya for a few rounds on P5P, then decided he wasn't listening. He kept saying "but they should untaint their regex" like that was even possible by mortals.

    So I simply took the position that I would personally and immediately file a CERT bug against Perl 5.00X (whatever it was) the moment it came out. Oddly enough, he "invented" "use re 'eval'" about a day after that. {grin}

    -- Randal L. Schwartz, Perl hacker
    Be sure to read my standard disclaimer if this is a reply.

[reply]
      Well, it wasn't just you against Ilya. It was half of p5p against Ilya (the other half not really participating). It was very unlikely Ilya's addition would have survived if he hadn't made non-evalling the default.
[reply]

In Section Meditations