Perl Regex Engine
(?{CODE}) in a regex executes the code
This poses a problem: Many programs contain
use CGI qw(param);
$pattern = param('pattern');
@menu = grep /$pattern/, @items;
...
You don't want the web user to be able to type in
(?{system "rm -rf /"; print "Sucker!\n"})
How can we disallow this without also disallowing foo.*bar?
We also do not want to disallow this:
@menu = grep /(?{...})$pattern/, @items;
Here the (?{...}) is perfectly safe: it is written in the program source, not supplied by the user
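An added example, not part of the original slides: perl rejects a (?{...}) that reaches the regex through run-time interpolation unless `use re 'eval'` is in scope, so the guard is to compile user patterns where that pragma is absent and trap the error. The names @items, $ran, $literal_hits and compile_user_pattern are illustrative, and the last case assumes perl 5.18 or later.

```perl
use strict;
use warnings;

# Constructed sample data standing in for the menu items.
my @items = ('foobar', 'foo and bar', 'bar then foo', 'menu');

our $ran          = 0;   # set only if a user-supplied code block executes
our $literal_hits = 0;   # counts runs of the program's own literal block

# Compile an untrusted pattern. No "use re 'eval'" is in scope here, so
# perl refuses any (?{...}) that arrives through interpolation and dies
# with "Eval-group not allowed at runtime"; eval {} traps that error.
sub compile_user_pattern {
    my ($pattern) = @_;
    my $re = eval { qr/$pattern/ };
    return defined $re ? ($re, undef) : (undef, $@);
}

# One ordinary pattern and one carrying a harmless embedded code block.
for my $pattern ('foo.*bar', '(?{ $main::ran = 1 })foo') {
    my ($re, $err) = compile_user_pattern($pattern);
    if ($re) {
        my @menu = grep { $_ =~ $re } @items;
        printf "accepted %-28s -> %s\n", $pattern, join(', ', @menu);
    }
    else {
        printf "rejected %-28s -> %s", $pattern, $err;
    }
}
print "user code block executed: ", ($ran ? "yes" : "no"), "\n";

# A literal (?{...}) next to an interpolated string that contains no
# code block. Assumption: perl 5.18+, where the literal block is compiled
# with the surrounding program and needs no pragma; older perls die here,
# which the eval reports instead of aborting the script.
my $safe = 'foo.*bar';
my @menu = eval { grep { /(?{ $main::literal_hits++ })$safe/ } @items };
if ($@) {
    print "literal block plus interpolation rejected: $@";
}
else {
    print "literal block ran $literal_hits times, matched: @menu\n";
}
```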
Copyright © 2001 M. J. Dominus