Re^4: Slurping search-replace patterns from a file

in reply to Re^3: Slurping search-replace patterns from a file
in thread RESOLVED: Slurping search-replace patterns from a file

Thanks for the feedback. The eval statement works (thanks for that), but as Moritz mentioned, it's very vulnerable. I don't expect this file to be exposed to malicious users, but it's still something I'd like to mitigate, if possible.

I'm going through the documentation of String::Interpolate, and we'll see if that meets my needs.

Thanks again for all the help.

-HKS

Comment on Re^4: Slurping search-replace patterns from a file

Replies are listed 'Best First'.
Re^5: Slurping search-replace patterns from a file by JavaFan (Canon) on Oct 14, 2008 at 16:07 UTC
Note that if you have malicious users, and they can run the program on behalf of someone else, you still have a problem even you eliminate all the evals. It's not too hard to write a pattern that takes a couple of million CPU years to conclude it's not going to match. Users may not be able to run arbitrary code - they still will be able to consume CPU cycles.	[reply]

In Section Seekers of Perl Wisdom