in reply to Re^2: Is this code secure, can I test it on my machine?
in thread Is this code secure, can I test it on my machine?
string eval is already flagged as dangerous spot and "use" too
I missed the mention of string eval. As for the use re 'eval';, it's not prevented by preventing the use of use as I suspect you can achieve the same effect without actually using use.
The new thing here is substitution with two "e"-s:
It's really just another way of writing a string eval.
s/.../.../ee
is the same as
s/.../eval "..."/e
(without making '"' special).
Do I understand correctly that a single e after the substitution would only be dangerous if the code inside is dangerous?
If you consider $1 safe in code, then s/.../$1/e is safe too.
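The equivalence described above, as an added example that is not part of the original post: harmless arithmetic stands in for the captured text, so the difference between /e and /ee shows in the output. The `has_double_e` helper is a hypothetical line-based heuristic for a scanner that already flags the `eval` keyword; it assumes same-character delimiters and one statement per line.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed sample input: harmless arithmetic stands in for captured text.
my $captured = '2 + 3';

# /e: the replacement is the Perl expression `$1`; its value is the captured
# text itself, which is inserted without ever being run as code.
(my $single = $captured) =~ s/(.+)/$1/e;

# /ee: the value of `$1` is passed through a string eval, so the text runs.
(my $double = $captured) =~ s/(.+)/$1/ee;

# The explicit spelling from the post: a single /e around a string eval.
(my $explicit = $captured) =~ s/(.+)/eval "$1"/e;

print "one e        : $single\n";
print "two e's      : $double\n";
print "e plus eval  : $explicit\n";

# Hypothetical helper (assumption: same-character delimiters only).
# Returns true when a substitution's modifier list has "e" twice or more,
# which a search for the word "eval" alone does not catch.
sub has_double_e {
    my ($line) = @_;
    while ($line =~ m{\bs([/#!|,])(?:\\.|(?!\1).)*\1(?:\\.|(?!\1).)*\1([a-z]*)}g) {
        my $mods = $2;
        return 1 if ($mods =~ tr/e//) >= 2;   # tr counts without modifying
    }
    return 0;
}

# Constructed source lines to scan.
my @source = (
    '$name =~ s/(\w+)/ucfirst $1/e;',
    '$tmpl =~ s/\{(.+?)\}/$1/gee;',
);

for my $line (@source) {
    printf "%-8s %s\n", has_double_e($line) ? 'FLAG' : 'ok', $line;
}
```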