[Melbourne-pm] Postfix conditionals and creating lexicals

Ben Hare benhare at gmail.com
Thu Jul 12 05:53:24 PDT 2012


So you should be forced to declare a variable first, like:

my $foo;
$foo = $bar if ( $something );

On 12 July 2012 22:20, Ben Hare <benhare at gmail.com> wrote:
> Sorry, I didn't mean that your coding was bad practice. What I meant
> was, barring a solution, I think the answer for everyone in general is
> to simply not declare a my variable in that fashion. I think the
> ability to write code like:
>
> $a = $b if ( $true )
>
> is really nice, but ultimately it may have to go to get rid of issues
> like the one you raised. In other words, I don't think your code is
> wrong, I think it should cause an exception to be thrown ( but for the
> reasons I explained before, i.e. Perl probably can't tell the
> difference, this is probably hard to do ).
>
> Ben.
>
>
> On 12 July 2012 22:13, Alfie John <alfiej at opera.com> wrote:
>> On Thu, Jul 12, 2012, at 08:20 PM, Ben Hare wrote:
>>> This is a Perl bug IMO. You can see why this sort of thing can happen
>>> due to Perl's shorthand way of writing things eg:
>>>
>>> if ( $foo ) {
>>>     my $bar = 1; # local scope variable to the conditional block
>>> }
>>>
>>> my $bar = 1 if $foo; # woops, no local scoping now
>>>
>>> You wouldn't be able to write the latter in other languages such as
>>> JavaScript. I actually thought ( without actually testing it ) that
>>> the latter would be an error but it seems not! Again tho, you can see
>>> why - Perl probably can't distinguish between the two cases. I think
>>> basically the answer is it would be bad practice to code in the latter
>>> way.
>>
>> This isn't an issue of good vs bad practice. Bad practice is about not
>> being clear, robust, efficient, maintainable or concise... but at least
>> it is still correct. My case may have been bad practice but it was also
>> incorrect causing it to be unsafe - $bar was a user object in a mod_perl
>> environment. Given that the code would have caused $bar to be stateful
>> *across requests*, $bar could have been set as a *different user from
>> somebody else's previous request*.
>>
>> If anyone has a local CPAN mirror, it would be interesting to see how
>> many times this occurs... hopefully there won't be any exploitable cases
>> in the wild!
>>
>> Alfie
>>
>> --
>>   Alfie John
>>   alfiej at opera.com



-- 
Ben Hare
Professional Web Development Services
ABN: 22-48-55-71-887
Phone: +61-415-607-197
Web: http://www.benhare.com
Email: ben at benhare.com
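
Added example, not part of the original thread: a heuristic Python scanner for the construct discussed above (a `my` declaration guarded by a postfix `if`/`unless`), of the kind that could be run over a local CPAN mirror as Alfie suggests. The name `find_conditional_my` and the sample Perl are constructed for illustration; heredocs, regex literals and POD are not handled, so hits are candidates for review.

```python
import re

# Blank strings and drop comments so an "if" inside either is ignored (newlines kept).
_NOISE = re.compile(r'"(?:\\.|[^"\\])*"|\'(?:\\.|[^\'\\])*\'|(?<!\$)#[^\n]*')
# A `my` that opens a statement: at line start, or right after ; { or }.
_MY_AT_START = re.compile(r'(?:^|(?<=[;{}]))[ \t]*\bmy\b', re.M)
_WORD = re.compile(r'\w+')

# Constructed sample input, not taken from any real module.
SAMPLE = r'''
sub handler {
    my ($r, $session) = @_;
    my $user = $session->{user} if $session;
    my $note = "log in if needed";
    my $cb = sub { return 1 if $r; };
    my @roles = map { lc } @{ $user->{roles} }
        unless $r->{anonymous};
    my $safe;
    $safe = $session->{user} if $session;
}
'''


def find_conditional_my(source):
    """Return [(line, keyword)] for `my ... if/unless ...;` statements."""
    blank = lambda m: '' if m[0][0] == '#' else '""' + '\n' * m[0].count('\n')
    code = _NOISE.sub(blank, source)
    hits = []
    for start in _MY_AT_START.finditer(code):
        depth, i = 0, start.end()
        # Walk to the end of this statement; depth < 0 means its block closed.
        while i < len(code) and depth >= 0:
            ch = code[i]
            if ch in '([{':
                depth += 1
            elif ch in ')]}':
                depth -= 1
            elif depth == 0 and ch == ';':
                break
            elif depth == 0 and (ch.isalpha() or ch == '_'):
                word = _WORD.match(code, i).group()
                # Modifier keyword at depth 0, not a sigil'd name or method call.
                if word in ('if', 'unless') and code[i - 1] not in '$@%&>':
                    hits.append((code.count('\n', 0, start.end()) + 1, word))
                    break
                i += len(word)
                continue
            i += 1
    return hits
```

Perl::Critic also ships a policy for this construct, Variables::ProhibitConditionalDeclarations.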