Do you know where your variables are?

Re: Evaluating user-entered captured groups during Perl substitution

by Anonymous Monk
on Mar 16, 2020 at 09:38 UTC

in reply to [SOLVED] Evaluating user-entered captured groups during Perl substitution

Yes, I have had to use some careful processing to untaint these inputs before this segment of the code, but I think that part is working--so assume there are no issues with taint at this point, and that the user's original input is unchanged--though feel free to suggest a better method for untainting that would dovetail nicely with the code above.


interpolate doesn't require eval. Rookie move

Re^2: Evaluating user-entered captured groups during Perl substitution
by Polyglot (Pilgrim) on Mar 16, 2020 at 12:49 UTC


    Interpolation cannot perform a substitution, nor would an intended interpolation of the variable for a capture group such as $1 interpolate correctly outside of the substitution.

    I don't mind being called a rookie. I consider myself to basically be one, despite having been learning Perl for nearly 15 years. I didn't study computer programming in college, and feel much less gifted than most here, which is why I so much appreciate the advice of those here whom I look up to for their skill. But posting inaccurate information regarding the possibility of using interpolation, and providing no example for how such would solve this issue, is not helpful.

    Because my variables have come in from an HTML form, they are "tainted," whether I like this or not. Interpolation will neither untaint them, nor perform the required substitution. If I have misunderstood, or am somehow in the wrong, I will welcome your courteous correction.



