eval with parameters
Peter
peter at aragos.ru
Sat May 20 20:49:35 BST 2006
It works! Thank you a lot!
The code should be compiled is given from xml configuration (runtime
configuration of the script). All that code is considered to be trusted.
I do not expect some troubles with it
Peter
Eric Wilhelm wrote:
> # from Fred L Youhanaie
> # on Saturday 20 May 2006 05:16 am:
>
>
>> Code string may be something like:
>>
>>> $codeString = "if ($param1->someMethods($param2)) {return
>>> $param1->{someData};} else {return $param1->{someData};}";
>>>
>> Try ' instead of " above.
>>
>
> Not all strings are untrusted code. (Think "all users can be fired
> and/or spanked.") While dynamic, code-executing configuration can
> certainly bite you, it might not.
>
> Peter, it sounds like you want to compile a closure. Best to do it
> under strict and warnings. Yes, you had better be able to trust the
> incoming code. If this is not possible, you'll need to look into
> templating or something completely different.
>
> short answer:
> my $sub = eval("sub {$codeString}");
>
> long answer:
> http://scratchcomputing.com/tmp/trusted_eval.pl
>
> --Eric
>
More information about the london.pm
mailing list