SPUG: passing in a reg exp as a string, then interpolating
ced at carios2.ca.boeing.com
ced at carios2.ca.boeing.com
Fri Jun 9 15:13:33 CDT 2000
> does anyone know how to pass a regular expression into a script (in my
> case, from an HTML form) and then evaluate the expression?
> I am passing in a reg exp (like "/^hello/ ")as a string and grabbing it
> (my $regexp = /^hello/ ), and then trying to interpolate:
> push @results, $k if do{ $k =~ @{[ $regexp ]};
> Doesn't seem to be working. Any tricks for doing this?
(The @{[]} is a mistake and is a severe security problem if you're
pulling the regex in from the command line. Check the CGI books or
faqs for details about laundering tainted data)
The easiest approach would be to pass in the regex without the
delimiters, e.g., just '^hello', instead of /^hello/.
Just as a guess you might want something like:
use CGI qw(:standard);
use CGI::Carp qw/fatalsToBrowser/;
...
# launder the user input for dangerous characters, e.g.,
my $regex = param('regex');
$regex =~ tr/'"\t\n\r\/<>|;//d;
# see if there's a match
my $match;
my $k = "foo bar....";
eval { $match = $k =~ /$regex/ };
if ( $@ ) {
die "regular expression error: $@";
} else {
push @results, $k if $match;
}
Rgds,
--
Charles DeRykus
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
POST TO: spug-list at pm.org PROBLEMS: owner-spug-list at pm.org
Seattle Perl Users Group (SPUG) Home Page: http://www.halcyon.com/spug/
For Subscriptions, Email to majordomo at pm.org: ACTION spug-list EMAIL
Replace ACTION by subscribe or unsubscribe, EMAIL by your Email address
More information about the spug-list
mailing list