in reply to better ways than eval to dynamic load a module

I understand your reluctance to rely on a regex to catch all the ways a hacker might want to compromise your system. But isn't the expression in your example already too restrictive? /^[a-z0-9_]*$/i wouldn't allow files like Foo.pm, or even Foo/Bar.pm.

If you're too uncomfortable to use a regular expression and want to keep a list of allowable modules, you don't have to hard-code that list in your script. Keep the list in a text file or a database, and query at run-time. Obviously, this would impact performance, but if you're dynamically requiring modules, that doesn't appear to be your biggest concern.

Re^2: better ways than eval to dynamic load a module
by adamk (Chaplain) on Apr 18, 2005 at 03:32 UTC
    He only needs module names, note the $op->perform.

    How about something like
        use Class::Inspector;

        my $op = $query->param('option');
        unless ( Class::Inspector->installed($op) ) {
            die "Invalid option '$op'";
        }
        # load as normal...
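An added example, not code from either poster: one way to combine the two suggestions in this thread, a name-syntax check that accepts Foo::Bar style names and an allowlist kept outside the code, before calling require with a path instead of a string eval. The module names My::Op::Resize and My::Op::Rotate and the inline allowlist text are constructed for illustration; in practice the list would come from the text file or database mentioned above.

```perl
use strict;
use warnings;

# Constructed allowlist; stands in for a text file read at run time.
my $ALLOWLIST_TEXT = <<'END';
# one module name per line
My::Op::Resize
My::Op::Rotate
END

# Parse allowlist text into a lookup hash, skipping blanks and comments.
sub parse_allowlist {
    my ($text) = @_;
    my %allowed;
    for my $line ( split /\n/, $text ) {
        $line =~ s/^\s+|\s+$//g;
        next if $line eq '' or $line =~ /^#/;
        $allowed{$line} = 1;
    }
    return \%allowed;
}

# Return the path to require for $name, or nothing if the name is rejected.
sub module_path_for {
    my ( $name, $allowed ) = @_;
    return unless defined $name;
    # Identifiers joined by '::'. \A and \z anchor the whole string;
    # a plain '$' would also match before a trailing newline.
    return unless $name =~ /\A[A-Za-z_][A-Za-z0-9_]*(?:::[A-Za-z0-9_]+)*\z/;
    return unless $allowed->{$name};    # valid syntax is not enough
    ( my $path = "$name.pm" ) =~ s{::}{/}g;
    return $path;
}

# Load an allowed module by path; dies with a generic message otherwise.
sub load_operation {
    my ( $name, $allowed ) = @_;
    my $path = module_path_for( $name, $allowed )
        or die "Invalid option\n";
    require $path;    # path form of require, no string eval involved
    return $name;
}

# Demo on constructed inputs (load_operation is not called: the modules are hypothetical).
my $allowed = parse_allowlist($ALLOWLIST_TEXT);
for my $input ( 'My::Op::Resize', 'My::Op::Resize; print 1', '../Foo', "My::Op::Rotate\n", 'POSIX' ) {
    my $path = module_path_for( $input, $allowed );
    ( my $shown = $input ) =~ s/\n/\\n/g;
    printf "%-26s => %s\n", $shown, defined $path ? $path : 'rejected';
}
```

Only the first input maps to a path (My/Op/Resize.pm); the others are rejected either by the syntax check or, in the case of POSIX, because a well-formed and installed module is still not on the list.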