in reply to Re^7: Bad code from the trenches
in thread Bad code from the trenches
Note that the (?{ code }) constructs in regexes are also safe from interpolation in /$regex/ except when you explicitly use re 'eval'
But that wasn't originally the case when that feature was first to be released. I argued with Ilya for a few rounds on P5P, then decided he wasn't listening. He kept saying "but they should untaint their regex" like that was even possible by mortals.
So I simply took the position that I would personally and immediately file a CERT bug against Perl 5.00X (whatever it was) the moment it came out. Oddly enough, he "invented" "use re 'eval'" about a day after that. {grin}
-- Randal L. Schwartz, Perl hacker
Be sure to read my standard disclaimer if this is a reply.
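The guard discussed in the post above, as an added example that is not part of the original post or thread: Perl refuses to compile a (?{ code }) block that arrives through an interpolated variable unless `use re 'eval'` is in lexical scope, and \Q...\E keeps such a string literal. The pattern string, the `$ran` counter and the sub names are constructed for this illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Counter incremented by the embedded code block, so we can see whether it executed.
our $ran = 0;

# Constructed sample: a pattern string as it might arrive from outside the program.
my $pattern = '(?{ $main::ran++ })abc';

# Turn the outcome of one match attempt into a short status line.
sub report {
    my ($matched, $err) = @_;
    if (!defined $matched) {
        $err =~ s/ at \S+ line \d+.*//s;    # drop file and line noise from the message
        return "refused ($err)";
    }
    return "matched=$matched code_ran=$ran";
}

# Default behaviour: interpolating a variable that contains (?{ ... }) is a runtime error.
sub try_default {
    my ($text, $pat) = @_;
    local $ran = 0;
    my $matched = eval { $text =~ /$pat/ ? 1 : 0 };
    return report($matched, $@);
}

# Explicit opt-in: with "use re 'eval'" in lexical scope the embedded code is compiled and run.
sub try_with_re_eval {
    my ($text, $pat) = @_;
    use re 'eval';
    local $ran = 0;
    my $matched = eval { $text =~ /$pat/ ? 1 : 0 };
    return report($matched, $@);
}

# Literal use: \Q...\E escapes every metacharacter, so nothing in the string is treated as code.
sub try_quoted {
    my ($text, $pat) = @_;
    local $ran = 0;
    my $matched = eval { $text =~ /\Q$pat\E/ ? 1 : 0 };
    return report($matched, $@);
}

print "default:       ", try_default('abc', $pattern), "\n";
print "use re 'eval': ", try_with_re_eval('abc', $pattern), "\n";
print "\\Q...\\E:       ", try_quoted('abc', $pattern), "\n";
```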
Re^9: Bad code from the trenches
by Anonymous Monk on Mar 14, 2005 at 15:16 UTC