[Melbourne-pm] Postfix conditionals and creating lexicals

Ben Hare benhare at gmail.com
Thu Jul 12 05:50:04 PDT 2012 

Sorry, I didn't mean that your coding was bad practice. What I meant
was, barring a solution, I think the answer for everyone in general is
to simply not declare a my variable in that fashion. I think the
ability to write code like:

$a = $b if ( $true )

is really nice, but ultimately it may have to go to get rid of issues
like the one you raised. In other words, I don't think your code is
wrong, I think it should cause an exception to be thrown ( but for the
reasons I explained before ie; Perl probably can't tell the
difference, this is probably hard to do ).

Ben.


On 12 July 2012 22:13, Alfie John <alfiej at opera.com> wrote:
> On Thu, Jul 12, 2012, at 08:20 PM, Ben Hare wrote:
>> This is a Perl bug IMO. You can see why this sort of thing can happen
>> due to Perl's shorthand way of writing things eg:
>>
>> if ( $foo ) {
>>     my $bar = 1; # local scope variable to the conditional block
>> }
>>
>> my $bar = 1 if $foo; # woops, no local scoping now
>>
>> You wouldn't be able to write the latter in other languages such as
>> javascript. I actually thought ( without actually testing it ) that
>> the latter would be an error but it seems not! Again tho, you can see
>> why - Perl probably can't distinguish between the two cases. I think
>> basically the answer is it would be bad practice to code in the latter
>> way.
>
> This isn't an issue of good vs bad practice. Bad practice is about not
> being clear, robust, efficient, maintainable or concise... but at least
> it still correct. My case may have been bad practice but it was also
> incorrect causing it to be unsafe - $bar was a user object in a mod_perl
> environment. Given that the code would have caused $bar to be stateful
> *across requests*, $bar could have been set as a *different user from
> somebody else's previous request*.
>
> If anyone has a local CPAN mirror, it would be interesting to see how
> many times this occurs... hopefully there won't be any exploitable cases
> in the wild!
>
> Alfie
>
> --
>   Alfie John
>   alfiej at opera.com



-- 
Ben Hare
Professional Web Development Services
ABN: 22-48-55-71-887
Phone: +61-415-607-197
Web: http://www.benhare.com
Email: ben at benhare.com

More information about the Melbourne-pm mailing list