Re: creating dynamically named 'my' variables

Replies are listed 'Best First'.
Re: Re: creating dynamically named 'my' variables by ajwans (Scribe) on Mar 01, 2002 at 04:13 UTC
That's fine for most things, but as stated I want perl to catch accesses to variables that don't exist in the user inputted perl code.	[reply]
(Ovid - don't tell anyone I told you) Re(3): creating dynamically named 'my' variables by Ovid (Cardinal) on Mar 01, 2002 at 05:11 UTC
With great trepidation, I have to say that there is a way to pull this off. You could check out PadWalker. From the description: PadWalker is a module which allows you to inspect (and even change!) lexical variables in any subroutine which called you. It will only show those variable which are in-scope at the point of the call. This software appears to be brand new, so use it with care. What I want to know, however, is how you can justify a need for something like this. Yes, I've read the rest of the thread about how you don't need to worry about malicious code because it's being supplied by programmers in your company (what if they write really awful code? what if one of them is quitting and has a nice time bomb in the code?), but I still wonder what problem you are really trying to solve. For the vast majority of programmers, when the apparent solution is terribly convoluted and requires "tricks" to pull off, this suggests that you should rethink the problem. In other words, if you back up a step and let us know what you're trying to do, maybe we can offer safer alternatives. Cheers, Ovid Join the Perlmonks Setiathome Group or just click on the the link and check out our stats.	[reply]
Re: (Ovid - don't tell anyone I told you) Re(3): creating dynamically named 'my' variables by shotgunefx (Parson) on Mar 01, 2002 at 09:54 UTC
Hi Ovid, Thanks for the link to PadWalker. I can think of one good use myself. I have a module that represents account configuration information. (Accounts don't have access to them.). It's stored in a tied hash but will evaluate scalars with a s///e when they are fetched. This lets me say 'signup.confirm' => "Thank you $name, we will notify you shortly." in the general config. This way, I can easily customize our programs for clients. The tie module has an alias function so I can say call `hash_alias( qw ($name) );`. Which when the value is retrieved, it will print the correct $name. Currently, this means $name has to be a package variable for this to work. With Padwalker, I can get around this. (We are only reading their values from here, never ever setting.) I suppose if I wanted to be extremely careful, I could assign the peek_my to a read only %hash with weakened references. -Lee "To be civilized is to deny one's nature."	[reply] [d/l]
Re: Re: Re: creating dynamically named 'my' variables by rob_au (Abbot) on Mar 01, 2002 at 04:25 UTC
Hmmm, I'm not exactly sure what it is that you are trying to do but you may want to investigate the Safe module for the evaluation of supplied Perl code. This module allows you to evaluate Perl code in a contained compartment where restrictions can be imposed on allowed and disallowed operators - This can be very important where the code is derived from a potentially unsafe source. `perl -e 's&&rob@cowsnet.com.au&&&split/[@.]/&&s&.com.&_&&&print'`	[reply]
Re: Re: Re: Re: creating dynamically named 'my' variables by ajwans (Scribe) on Mar 01, 2002 at 05:01 UTC
Safe won't work, I specifically want the eval'ed code to be able to access the current namespace. The "users" in this case are other perl programmers here at my company so I'm not worried about malicious code being entered.	[reply]
Re: Re: Re: creating dynamically named 'my' variables by rrwo (Friar) on Mar 01, 2002 at 04:44 UTC
Well, use strict to do this. Or, use a tied hash that catches references to non-existent keys.	[reply]


Syntactic Confectionery Delight
	PerlMonks