SPUG: passing in a reg exp as a string, then interpolating

Joel largest at largest.org
Fri Jun 9 16:54:38 CDT 2000 

On Fri, 9 Jun 2000, Dean Hudson wrote:

> This seems pretty dangerous in general; in particular without taint
> checking. Depending on which version of perl you're running, you need
> to be careful to watch out for things like:
> 
> (?{ evil code })
> 
> That being said, you can also play around with qr//, which would allow
> you to pass options to your regex. (But I don't think you can pass the
> opts in a valiable...)
> 
> See perlop and perlre, and be careful with what you do with the user
> input.


Great point!  I should have paid more attention to Christopher saying he
was using the regex from an HTML form.  Definitely be very careful with
this.

But even more troubling, my code doesn't work!  that was, um, just a test
to see if you were paying attention....  :-)

I think this would fix my solution:


#!/usr/local/bin/perl

use strict;

my @results;
my $regex = '/^hello/';
my $test  = 'hello world';

my $expression = '$test =~ '.$regex;

push @results, $test if ( eval $expression );

print "@results\n";

__END__


Joel


> On Fri, Jun 09, 2000 at 04:18:35PM -0400, Joel wrote:
> > On Fri, 9 Jun 2000, Christopher Cavnor wrote:
> > 
> > > does anyone know how to pass a regular expression into a script (in my
> > > case, from an HTML form) and then evaluate the expression?
> > > 
> > > I am passing in a reg exp (like "/^hello/ ")as a string and grabbing
> > > it (my $regexp = /^hello/ ), and then trying to interpolate:
> > > 
> > > push @results, $k if do{ $k =~ @{[ $regexp ]};
> > > 
> > > Doesn't seem to be working. Any tricks for doing this?
> > 
> > 
> > You could use 'eval': 
> > 
> > #!/usr/local/bin/perl
> > 
> > use strict;
> > 
> > my @results;
> > my $regex = '/^hello/';
> > my $test  = 'hello world';
> > 
> > push @results, $test if ( $test =~ eval $regex );
> > 
> > print "@results\n";  # prints "hello world\n";
> > 
> > __END__
> > 
> > 
> > Joel
> > 
> > 
> >  - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
> >      POST TO: spug-list at pm.org       PROBLEMS: owner-spug-list at pm.org
> >  Seattle Perl Users Group (SPUG) Home Page: http://www.halcyon.com/spug/
> >  For Subscriptions, Email to majordomo at pm.org:  ACTION  spug-list  EMAIL
> >   Replace ACTION by subscribe or unsubscribe, EMAIL by your Email address
> > 
> > 
> 
> --
> my $email = qr{ dean(h)?@(?(1)verio\.net    # @ work if h
>                             | ero\.com) }x; # other
> 


 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
     POST TO: spug-list at pm.org       PROBLEMS: owner-spug-list at pm.org
 Seattle Perl Users Group (SPUG) Home Page: http://www.halcyon.com/spug/
 For Subscriptions, Email to majordomo at pm.org:  ACTION  spug-list  EMAIL
  Replace ACTION by subscribe or unsubscribe, EMAIL by your Email address

More information about the spug-list mailing list