Re^4: variable subroutine call

The security issue is "not validating user input" (under certain circumstances) and not "making a string into a subroutine call". If the subroutine cannot be resolved, perl will complain (i.e. die), and done. So "validating user input" doesn't apply in the OP's context.

It is just what your shell is doing, day in, day out.

--shmem

_($_=" "x(1<<5)."?\n".q·/)Oo.  G°\        /
                              /\_¯/(q    /
----------------------------  \__(m.====·.(_("always off the crowd"))."·
");sub _{s./.($e="'Itrs `mnsgdq Gdbj O`qkdq")=~y/"-y/#-z/;$e.e && print}

Comment on Re^4: variable subroutine call

Replies are listed 'Best First'.
Re^5: variable subroutine call by meraxes (Friar) on Dec 12, 2007 at 01:49 UTC
Once again, just my paranoia. I dig what you're saying. Perhaps "authorization" is a better representation of what I was thinking. A wee bit beyond the scope of this, yes. Didn't mean to muddy the waters. My first job was writing Perl that many other people ran to do their work and I was always conscious of the "damage" they could do with my scripts... so I find myself functioning on paranoia level 42 at all times. ;) Obviously this isn't the issue here. -- meraxes	[reply]

Replies are listed 'Best First'.

Re^5: variable subroutine call
by meraxes (Friar) on Dec 12, 2007 at 01:49 UTC

Once again, just my paranoia. I dig what you're saying. Perhaps "authorization" is a better representation of what I was thinking. A wee bit beyond the scope of this, yes. Didn't mean to muddy the waters.

My first job was writing Perl that many other people ran to do their work and I was always conscious of the "damage" they could do with my scripts... so I find myself functioning on paranoia level 42 at all times. ;)

Obviously this isn't the issue here.

--
meraxes

[reply]