http://qs321.pair.com?node_id=602957


in reply to Re: ascii colors from text file
in thread ascii colors from text file

Of course, if he parses the file by splitting on white space and then on "=" like most people would first think to do, then you've ensured that anyone who can edit the color file can cause him to run arbitrary code.

Maybe not a big deal for him but probably not a great meme to spread around.

Worse, your example evals the final string, not the color text once when parsing. That means if he has "$1 dollar" anywhere in his text he's getting lord knows what in place of "$1"... probably "=" or the last title word ("color15"?) depending on how his parser works. Hopefully he won't print a nice "$$$$$$$$$$$$" anywhere when decorating his report. :)

--
$you = new YOU;
honk() if $you->love(perl)