in reply to Interpolating variables for use in method calls

I wouldn't do that. You are untainting something that should not, IMO, be untainted. Consider an if statement and call the darn method from there. You are definitely asking for trouble with this code.

All someone would have to do is return
'NewDocument($refname);unlink(*);'

[download]

and you would wish you hadn't used this shortcut.

Update: Indeed, as noted below, you can only use letters, numbers, and _ or your regex will cast it out like so many demons. Still, there would seem to me to be just a little too much room for an exploit here. IMO, of course.

Replies are listed 'Best First'.
Re: Re: Interpolating variables for use in method calls
by dpatrick (Scribe) on Jul 13, 2001 at 23:56 UTC
    I got you, and I considered using if/elsif or a switch to
    do call the methods, which I still may do, though the regex
    I'm using only allows words containing alphabet characters
    correct?

    dap
[reply]

In Section Seekers of Perl Wisdom