Evaluating user-defined conditions
andy at andybev.com
Tue Jun 10 07:10:30 BST 2014
On Mon, 2014-06-09 at 11:36 +0100, Andrew Beverley wrote:
> Dear all,
> I'd like to take a condition specified by a user and use it to perform a
> set of tests on a data set. Is there a module to do this?
Thanks for all the replies.
Indeed, I can't trust the user input, but nonetheless I wondered whether
I could still use eval, but heavily sanitise the input. It seems a lot
easier than than using a parser.
Can anyone see anything wrong with the following? The user-supplied
variables are specified in square brackets, e.g. "[age]"
# Sub in the variable values
foreach my $var (@variables)
my $value = ... # Could be a string in quotes
$code =~ s/\[$var\]/$value/gi;
$_ = $code;
return unless /^[ \S]+$/; # Only allow normal spaces
return if /[\[\]]+/; # No brackets should remain
return if /\\/; # No escapes please
s/"[^"]+"//g; # Remove quoted strings
m!^([-()*+/0-9<> ]|&&|eq)+$! or return; # Allowed expression chars
More information about the london.pm