[Melbourne-pm] Postfix conditionals and creating lexicals

Alfie John alfiej at opera.com
Thu Jul 12 05:43:41 PDT 2012

On Thu, Jul 12, 2012, at 08:20 PM, Ben Hare wrote:
> This is a Perl bug IMO. You can see why this sort of thing can happen
> due to Perl's shorthand way of writing things e.g.:
> if ( $foo ) {
>     my $bar = 1; # local scope variable to the conditional block
> }
> my $bar = 1 if $foo; # woops, no local scoping now
> You wouldn't be able to write the latter in other languages such as
> JavaScript. I actually thought ( without actually testing it ) that
> the latter would be an error but it seems not! Again though, you can see
> why - Perl probably can't distinguish between the two cases. I think
> basically the answer is it would be bad practice to code in the latter
> way.

This isn't an issue of good vs bad practice. Bad practice is about not
being clear, robust, efficient, maintainable or concise... but at least
it is still correct. My case may have been bad practice but it was also
incorrect causing it to be unsafe - $bar was a user object in a mod_perl
environment. Given that the code would have caused $bar to be stateful
*across requests*, $bar could have been set as a *different user from
somebody else's previous request*.

If anyone has a local CPAN mirror, it would be interesting to see how
many times this occurs... hopefully there won't be any exploitable cases
in the wild!


  Alfie John
  alfiej at opera.com
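
Added example, not part of the original post: a minimal reproduction of the cross-request state described above, with the conditional declaration beside its corrected form. The sub names, the %SESSIONS table and the fallback values are constructed for illustration; perlsyn documents the result of `my ... if ...` as undefined, so the buggy sub returns a stale value only on perl builds that leave the skipped variable untouched.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed session table standing in for a real user lookup.
my %SESSIONS = (s1 => 'alice', s2 => 'bob');

# Buggy form: the declaration is guarded by a statement modifier. When $sid
# is undefined the "my" is skipped at run time, so nothing schedules the
# variable to be reset when the sub returns.
sub current_user_buggy {
    my ($sid, $fallback) = @_;
    my $user = $SESSIONS{$sid} if defined $sid;
    $user ||= $fallback;    # assigns only when $user is still empty
    return $user;
}

# Fixed form: declare unconditionally, assign conditionally.
sub current_user_fixed {
    my ($sid, $fallback) = @_;
    my $user;
    $user = $SESSIONS{$sid} if defined $sid;
    $user ||= $fallback;
    return $user;
}

# Two consecutive requests without a session, served by the same
# interpreter, which is how a persistent mod_perl process behaves.
for my $case (['buggy', \&current_user_buggy], ['fixed', \&current_user_fixed]) {
    my ($name, $impl) = @$case;
    my $first  = $impl->(undef, 'guest-1');
    my $second = $impl->(undef, 'guest-2');
    my $verdict = $second eq 'guest-2' ? 'ok' : 'STALE (leaked from request 1)';
    print "$name: request 1 => $first, request 2 => $second [$verdict]\n";
}
```

For auditing a code base for this pattern, Perl::Critic ships the policy Variables::ProhibitConditionalDeclarations, which flags `my` declarations carrying a postfix conditional.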
