PerlMonks  

Re: Re: $1 in variable regex replacement string

by dvergin (Monsignor)
on Feb 12, 2003 at 20:35 UTC


in reply to Re: $1 in variable regex replacement string
in thread $1 in variable regex replacement string

So I pose roughly the same question here that I posed to tadman -- if I go the /e or /ee route, what are the things that $repl might contain that could potentially do horrible things?

If I filter out '(?{...})' constructs, is that enough? If so, this solution is do-able.

Replies are listed 'Best First'.
Re: Re: Re: $1 in variable regex replacement string
by CountZero (Bishop) on Feb 13, 2003 at 07:01 UTC

    Really bad things could happen even outside '(?{...})' constructs.

    For example (this is something totally innocent, but you get the idea):

        use strict;
        my $str = 'abcadefaghi';
        my $pat = qr/(a.)/;
        my $repl = 'system dir ';
        $str =~ s/$pat/$repl/eeg;

    Of course you could try to filter out all system, exec and backticks, but that is only solving a small part of the possible problems as anything inside the $repl-variable gets run as a perl-program.

    CountZero

    "If you have four groups working on a compiler, you'll get a 4-pass compiler." - Conway's Law
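
An added example, not part of either post above: one way to let a replacement string refer to $1, $2 or $& without /e or /ee is to treat it as a text template and substitute the captures by hand, so nothing in $repl is ever compiled as Perl. The names safe_subst and expand_template and the '[$1]' template are assumptions made for illustration, and the code assumes Perl 5.10 or later.

```perl
use strict;
use warnings;

# Expand \x, $N, ${N} and $& in $template as plain text.
# $cap[0] is the whole match, $cap[1..] are the capture groups.
# An unset or out-of-range group expands to the empty string.
sub expand_template {
    my ($template, @cap) = @_;
    $template =~ s{ \\(.) | \$\{(\d+)\} | \$(\d+) | \$(&) }{
        defined $1 ? $1
      : defined $4 ? $cap[0]
      : $cap[ defined $2 ? $2 : $3 ] // ''
    }gexs;
    return $template;
}

# Replacement for s/$pat/$repl/ (or /g when $global is true) that never
# evaluates the replacement string as code.
sub safe_subst {
    my ($str, $pat, $template, $global) = @_;
    my ($out, $last) = ('', 0);
    while ($str =~ /$pat/g) {
        # Copy offsets and captures before any other regex runs.
        my ($from, $to) = ($-[0], $+[0]);
        my @cap = map {
            defined $-[$_] ? substr($str, $-[$_], $+[$_] - $-[$_]) : undef
        } 0 .. $#+;
        $out .= substr($str, $last, $from - $last)
              . expand_template($template, @cap);
        $last = $to;
        last unless $global;
    }
    return $out . substr($str, $last);
}

# Values from the post above, plus one constructed template.
my $str = 'abcadefaghi';
my $pat = qr/(a.)/;
print safe_subst($str, $pat, '[$1]', 1), "\n";         # captures expanded
print safe_subst($str, $pat, 'system dir ', 1), "\n";  # inserted as text only
```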
