in reply to Using eval to s/// with a pattern supplied on the command-line

Don't you think you should have the user supply a pattern and a replacement as two separate arguments, and then plug them into s/// yourself (which would not require an eval)? What you're really doing is allowing the user to insert any code at all.

Caution: Contents may have been coded under pressure.

Re^2: Using eval to s/// with a pattern supplied on the command-line
by Tanktalus (Canon) on Mar 16, 2005 at 23:50 UTC

    Actually, if you want to allow backreferences, it will still require an eval. And, really, security is one thing for random users doing nasty things (especially, but not particularly limited to, CGI), but sometimes you just want the power of Perl (and its regexp engine) made trivially simple at the command line. I think this is one of the latter cases. ;-)

      You're right. The utility I've been asked to provide is not intended to be used by anyone other than the requester, who wants the flexibility, and is aware of the risk, but not concerned.

      Thanks to all of you who responded!
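
The two-argument approach suggested in the first reply, as an added example that is not part of the original thread: the pattern is compiled only as a regex, and `$1`-style backreferences in the replacement are expanded by a small template routine rather than a string eval, so the replacement is treated as data. The names `expand_template` and `safe_subst` and the sample values are assumptions made for this illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Tokens recognised in a replacement template: \x (escape), ${N}, $N and $&.
my $TOKEN = qr/\\(.)|\$(?:\{([1-9]\d*)\}|([1-9]\d*)|(&))/s;

# Hypothetical helper: expand backreference tokens using captured text only.
# The /e below runs code written in this script; the template itself is
# never compiled as Perl, so anything else in it stays literal text.
sub expand_template {
    my ($template, $match, @groups) = @_;    # copies taken before any new match
    $template =~ s{$TOKEN}{
        defined $1 ? $1
      : defined $4 ? $match
      : ($groups[ ($2 // $3) - 1 ] // '')
    }ge;
    return $template;
}

# Hypothetical helper: s///g with a user-supplied pattern and template.
sub safe_subst {
    my ($text, $pattern, $template) = @_;
    no strict 'refs';    # needed only to read $1, $2, ... by number
    # Interpolating $pattern compiles a regex only; embedded code blocks such
    # as (?{ ... }) are refused at run time unless "use re 'eval'" is in effect.
    my $re = qr/$pattern/;
    $text =~ s{$re}{ expand_template($template, $&, map { ${$_} } 1 .. $#+) }ge;
    return $text;
}

# Usage: script PATTERN REPLACEMENT TEXT...
my ($pattern, $template, @inputs) = @ARGV;
unless (defined $template) {
    # Constructed sample: the @{[ ... ]} part would run under a string eval,
    # but here it is copied through unchanged.
    ($pattern, $template, @inputs) =
        ('(\w+)=(\w+)', '$2=${1} @{[ time ]}', 'key=value');
}
print safe_subst($_, $pattern, $template), "\n" for @inputs;
```

A malformed pattern still makes `qr//` die, so a caller that wants a clean error message should wrap the call in a block `eval { ... }`, which traps exceptions without compiling any user text.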