develooper Front page | perl.perl6.users | Postings from June 2018

Re: EVAL?

Thread Previous | Thread Next
From:
Elizabeth Mattijsen
Date:
June 13, 2018 22:34
Subject:
Re: EVAL?
Message ID:
FE63C02F-0A86-40AC-8CF8-44DA6248999E@dijkmat.nl
It is in this situation, but not necessarily always:

“$foo” is equivalent to $foo.Str

$foo is exactly what $foo is.

my $foo = 42;:wq
dd $foo;      # Int $foo = 42
dd “$foo”     # “42"

> On 14 Jun 2018, at 00:23, yary <not.com@gmail.com> wrote:
> 
> Pet peeve, "$RunSpecific" with the quotes on either side is exactly the same as $RunSpecific without the quotes. Perl isn't shell.
> 
> -y
> 
> On Wed, Jun 13, 2018 at 12:27 PM, Brandon Allbery <allbery.b@gmail.com> wrote:
> Exactly what it says: eval is a code injection attack waiting to happen. If you actually need it, you get to do your own data sanitization, and you tell Perl 6 you did so with "use MONKEY-SEE-NO-EVAL;".
> 
> On Wed, Jun 13, 2018 at 3:22 PM ToddAndMargo <ToddAndMargo@zoho.com> wrote:
> Hi All,
> 
> I am converting a program from Perl5 to Perl 6.
> 
> This line
> 
>      else { eval "$RunSpecific"; }
> 
> became this line
> 
>      else { EVAL "$RunSpecific"; }
> 
> And threw this error
> 
> $ perl6 -c GetUpdates.pl6
> ===SORRY!=== Error while compiling /home/linuxutil/GetUpdates.pl6
> EVAL is a very dangerous function!!! (use the MONKEY-SEE-NO-EVAL pragma 
> to override this error,
> but only if you're VERY sure your data contains no injection attacks)
> at /home/linuxutil/GetUpdates.pl6:6016
> ------> else { EVAL "$RunSpecific"⏏; }
> 
> 
> Any words of wisdom?
> 
> 
> Many thanks,
> -T
> 
> 
> -- 
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> Serious error.
> All shortcuts have disappeared.
> Screen. Mind. Both are blank.
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> 
> 
> -- 
> brandon s allbery kf8nh                               sine nomine associates
> allbery.b@gmail.com                                  ballbery@sinenomine.net
> unix, openafs, kerberos, infrastructure, xmonad        http://sinenomine.net
> 

Thread Previous | Thread Next


nntp.perl.org: Perl Programming lists via nntp and http.
Comments to Ask Bjørn Hansen at ask@perl.org | Group listing | About