da w00t has asked for the wisdom of the Perl Monks concerning the following question:

I'm trying to figure out exactly what opcode gives you the functionality to do quoted string interpretation, eg when you set $foo='FOO!'; and then print "$foo"; -- what changes "$foo" into 'FOO!'. So, I threw together this script... and it ain't workin. Anyone have any experience with the safe module and Text::Template? 
#!/usr/bin/perl
use Opcode;
use Text::Template;
use Safe;
my @names = Opcode::opset_to_ops(Opcode::full_opset);

foreach my $name (@names)
{
  my (@feh);
  my ($cmptmt);
  undef $cmptmt;
  print "trying name $name..\t\t";
  $cmptmt = new Safe;
  push @feh,$name;
  $cmptmt->permit_only(@feh);
  $Journal::true = 10;
  my $template_text = '{$true}';
  my $template = new Text::Template (TYPE   => 'STRING',
                                     SOURCE => $template_text,
                                     SAFE   => $cmptmt);
  my $return_text = $template->fill_in(PACKAGE => Journal);
  if ($return_text eq "10")
  {
    print "return text is ok... ";
  $cmptmt1 = new Safe;
  $cmptmt1->permit_only(@feh);

    my $template_text1 = '{open(PASSWD,"/etc/passwd");read(PASSWD,$_,1
+,0);print}';
    $template1 = new Text::Template (TYPE   => 'STRING',
                                    SOURCE => $template_text1,
                                    SAFE   => $cmptmt1);
    if ($return_text1 = $template1->fill_in(PACKAGE => Journal) == 1)
    { print "Um, ok?\n"; }
    else
    { print "Bad!!\n"; }
  }
}

[download]

Replies are listed 'Best First'.
Re: use Safe;
by ColtsFoot (Chaplain) on May 07, 2001 at 14:02 UTC
    Sorry but could you explain what you mean by not working
    When I run your script I get the following output.
    
trying name null..              return text is ok... Um, ok?
trying name stub..              return text is ok... Um, ok?
trying name scalar..            return text is ok... Um, ok?
trying name pushmark..          return text is ok... Um, ok?
trying name wantarray..         return text is ok... Um, ok?
trying name const..             return text is ok... Um, ok?
trying name gvsv..              return text is ok... Um, ok?
trying name gv..                return text is ok... Um, ok?
trying name gelem..             return text is ok... Um, ok?
trying name padsv..             return text is ok... Um, ok?
.....
..... Many more line of a similar format
.....
trying name getlogin..          return text is ok... Um, ok?
trying name syscall..           return text is ok... Um, ok?
trying name lock..              return text is ok... Um, ok?
trying name threadsv..          return text is ok... Um, ok?
trying name setstate..          return text is ok... Um, ok?
trying name method_named..              return text is ok... Um, ok?

    [download]
[reply]
[d/l]
(tye)Re: use Safe;
by tye (Sage) on May 07, 2001 at 20:38 UTC

    The code print "trying $name..."; gets compiled into the code print "trying ".$name."...";.

    Does that help you understand?

            - tye (but my friends call me "Tye")
[reply]
[d/l]
[select]
Re: use Safe;
by da w00t (Sexton) on May 08, 2001 at 03:17 UTC
    Basically-- the code in $template_text1 should not be allowed to run inside a Safe compartment unless the specific perl opcodes are allowed. When I get the output
    trying name null..              return text is ok... Um, ok?
    that's supposed to mean that
    A), $template_text was template parsed into 1, therefore working correctly, and
    B), $template_text1 also ran just fine. I'm assuming that when I $cmptmt->permit_only("wantarray") that an open, read, and print call would fail. They're not. That's my problem.
[reply]
[d/l]
[select]

Back to Seekers of Perl Wisdom