[Pdx-pm] I think that I'm trying to make things too hard.

Randal L. Schwartz merlyn at stonehenge.com
Tue Oct 24 03:28:17 PDT 2006


>>>>> "Juan" == Juan Jose Natera <naterajj at gmail.com> writes:

Juan> Hi,
Juan> One way of doing this is:

Juan> my $action = CGI::param('action');
Juan> eval 'require $action;' && $data->{body} = $action->generate_page();

Luckily, you put single quotes there not double quotes.
Had you actually tried to get this to work, you'd quickly discover
your box has become "owned" by bad guys.

NEVER pass unchecked form data to "eval".  Eeek!

-- 
Randal L. Schwartz - Stonehenge Consulting Services, Inc. - +1 503 777 0095
<merlyn at stonehenge.com> <URL:http://www.stonehenge.com/merlyn/>
Perl/Unix/security consulting, Technical writing, Comedy, etc. etc.
See PerlTraining.Stonehenge.com for onsite and open-enrollment Perl training!
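The safe alternative to the quoted snippet is to never let request data select code at all: keep an allow-list hash that maps the handful of legal `action` values to handlers, and reject everything else. The following is an added example written for this thread, not code from Randal or Juan; `My::Page::Home`, `My::Page::About` and `render_action` are hypothetical names, and it assumes the `CGI` module is installed (it is no longer bundled with recent Perls).

```perl
#!/usr/bin/perl
use strict;
use warnings;
use CGI;

# Hypothetical page classes standing in for the modules the original
# code tried to load dynamically. In a real app they would be separate
# files loaded with a plain compile-time 'use'.
package My::Page::Home;  sub generate_page { return "home page body" }
package My::Page::About; sub generate_page { return "about page body" }
package main;

# Allow-list: the only acceptable 'action' values, each mapped to the
# code that handles it. The request can pick an entry but can never
# supply code or a file name of its own, so there is nothing to eval.
my %dispatch = (
    home  => sub { My::Page::Home->generate_page  },
    about => sub { My::Page::About->generate_page },
);

# Returns (HTTP status, body). Anything not in the table, including an
# undefined or empty parameter or a value like "Foo; unlink ...", is a
# bad request and is never looked up, required, or evaluated.
sub render_action {
    my ($action) = @_;
    return (404, "unknown action")
        unless defined $action && exists $dispatch{$action};
    return (200, $dispatch{$action}->());
}

my $q = CGI->new;
my ($status, $body) = render_action(scalar $q->param('action'));
print $q->header(-status => $status), $body, "\n";
```

Because the handlers are real subroutines chosen by hash lookup, there is no string `eval` and no `require` on a runtime value, so the untrusted parameter can only ever select between the entries the developer wrote.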