in reply to Re^2: Slurping search-replace patterns from a file
in thread RESOLVED: Slurping search-replace patterns from a file

... and is just as vulnerable to code injection as the original solution. Add this line to the __DATA__ section:
s/./${system "echo foo"}/
Or instead of echo foo you can write rm -rf ~/* - I think you get the idea pretty quickly.

Re^4: Slurping search-replace patterns from a file
by HKS (Acolyte) on Oct 14, 2008 at 16:01 UTC

    Thanks for the feedback. The eval statement works (thanks for that), but as Moritz mentioned, it's very vulnerable. I don't expect this file to be exposed to malicious users, but it's still something I'd like to mitigate, if possible.

    I'm going through the documentation of String::Interpolate, and we'll see if that meets my needs.

    Thanks again for all the help.

    -HKS

      Note that if you have malicious users, and they can run the program on behalf of someone else, you still have a problem even if you eliminate all the evals. It's not too hard to write a pattern that takes a couple of million CPU years to conclude it's not going to match. Users may not be able to run arbitrary code - they still will be able to consume CPU cycles.
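
One way to apply rules from a file without eval-ing them, as an added example that is not code from any poster in this thread: each line is parsed as data, the pattern is compiled with qr//, and the replacement is treated as literal text in which only $1..$9 are expanded. The names parse_rule and apply_rule, the single '/' delimiter and the lone 'g' flag are assumptions of this sketch, and it does nothing to bound matching time, the concern raised in the last reply.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Parse "s/PATTERN/REPLACEMENT/" or "s/PATTERN/REPLACEMENT/g" as data.
# Assumptions of this example: '/' is the only delimiter, '\/' escapes it,
# and 'g' is the only flag accepted.
sub parse_rule {
    my ($line) = @_;
    my ($pat, $rep, $g) =
        $line =~ m{^s/((?:[^/\\]|\\.)*)/((?:[^/\\]|\\.)*)/(g?)$}
        or return;
    $rep =~ s{\\/}{/}g;
    # Block eval only traps a compile error. An interpolated pattern cannot
    # contain (?{ ... }) code blocks unless "use re 'eval'" is in effect.
    my $re = eval { qr/$pat/ } or return;
    return { re => $re, rep => $rep, global => $g eq 'g' };
}

# Apply one rule. The replacement is never evaluated as Perl: it is copied
# literally, with $1..$9 replaced by the corresponding capture groups.
sub apply_rule {
    my ($rule, $text) = @_;
    my $re = $rule->{re};
    my ($out, $pos) = ('', 0);
    while ($text =~ /$re/g) {
        my ($start, $end) = ($-[0], $+[0]);
        # Copy the captures before the inner substitution resets them.
        my @cap = map { defined $-[$_] ? substr($text, $-[$_], $+[$_] - $-[$_]) : '' }
                  1 .. $#+;
        (my $rep = $rule->{rep}) =~ s{\$([1-9])}{ $cap[$1 - 1] // '' }ge;
        $out .= substr($text, $pos, $start - $pos) . $rep;
        $pos = $end;
        last unless $rule->{global};
    }
    return $out . substr($text, $pos);
}

# Constructed rule file: the second line is the injection line quoted above.
my @rules = map { chomp; parse_rule($_) } <DATA>;
my $text = 'foo bar';
$text = apply_rule($_, $text) for @rules;
print "$text\n";

__DATA__
s/(\w+) (\w+)/$2 $1/
s/./${system "echo foo"}/
```

With the constructed input, the first rule swaps the two words and the second inserts the text `${system "echo foo"}` verbatim in place of the first character; no command is run.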