Of course, if he parses the file by splitting on white space and then on "=" like most people would first think to do, then you've ensured that anyone who can edit the color file can cause him to run arbitrary code.
<p>Maybe not a big deal for him but probably not a great meme to spread around.
<p>Worse, your example <code>eval</code>s the final string, not the color text once when parsing. That means if he has "$1 dollar" anywhere in his text he's getting lord knows what in place of "$1"... probably "=" or the last title word ("color15"?) depending on how his parser works. Hopefully he won't print a nice "$$$$$$$$$$$$" anywhere when decorating his report. :)
<div class="pmsig"><div class="pmsig-20087">
<p><i>-- <br>
$you = new YOU;<br>
honk() if $you->love(perl)</i>
</div></div>
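<p>An added example, not part of the post above and not either poster's code: one way to read a colour file and decorate text without <code>eval</code>, so that file contents stay data and a literal "$1" in the report is left alone. The file format (whitespace-separated <code>name=value</code> pairs), the ANSI escape values, the <code>$name</code> placeholder syntax and the sub names are assumptions made for illustration.

```perl
use strict;
use warnings;

# Constructed sample colour file: whitespace-separated name=value pairs.
# The last entry is deliberately not a colour code and must be rejected.
my $color_file = "color1=\e[31m color15=\e[1;37m reset=\e[0m bogus=not-a-colour";

# Parse into a hash. Values are treated as data and never reach eval.
sub parse_colors {
    my ($text) = @_;
    my %colors;
    for my $pair (split ' ', $text) {
        my ($name, $value) = split /=/, $pair, 2;
        next unless defined $value;
        next unless $name  =~ /\A[A-Za-z_]\w*\z/;    # names: plain identifiers
        next unless $value =~ /\A\e\[[0-9;]*m\z/;    # values: one SGR escape only
        $colors{$name} = $value;
    }
    return \%colors;
}

# Replace $name only when name is a known colour. Anything else that
# starts with "$" ($1, $$$$, $HOME) is passed through exactly as typed.
# The /e flag runs the fixed lookup expression below, not the file's text.
sub colorize {
    my ($template, $colors) = @_;
    $template =~ s/\$([A-Za-z_]\w*)/exists $colors->{$1} ? $colors->{$1} : "\$$1"/ge;
    return $template;
}

my $colors = parse_colors($color_file);
print colorize('$color1*** Report ***$reset costs $1 dollar, $$$$ and $HOME', $colors), "\n";
```

Only <code>$color1</code> and <code>$reset</code> are substituted here; the rejected <code>bogus</code> entry never enters the hash, and nothing from the file is ever compiled as Perl.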