[VPM] Symbolic references with use strict in effect.

Darren Duncan darren at DarrenDuncan.net
Sat Jun 3 22:25:35 PDT 2006


At 10:10 PM -0700 6/3/06, Adam Parkin wrote:
>&$nameOfSub ($args);      # call foo() via a symbolic reference
>
>And this works, but there is (IMHO) one very major problem with this: it
>is a symbolic reference, and thus if I put "use strict" at the top of my
>script, this trick no longer works.  Does anybody have a way of getting
>around this limitation?

One solution is to turn off strict for just that line of code, and 
have it on for the rest of the file.

E.g., if your example line works without strict, then you can do this:

   use strict;

   # code here is required to be strict

   {
     no strict 'refs';    # relax only the symbolic-reference check
     &$nameOfSub ($args); # symbolic call; the rest of strict still applies
   }

   # code here is required to be strict

This said, there are inherent security risks in using symbolic 
references like this.  What if someone puts 'system' as the name of 
the function to call, and 'rm -rf' as the argument?

If you're going to let people just call functions like that, it is 
better to do this in an object-oriented context, where you have an 
object that defines the functions they can call, and then do 
something like this instead:

   $obj->$nameOfSub ($args); # syntax may be wrong

Now they can't call any functions except for the methods you defined 
in the object.

Generally speaking, it is good to validate input on a whitelist basis 
anyway, so that the config file doesn't invoke anything except a 
predefined list of allowed things.

-- Darren Duncan
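
Added example (not part of the original message): the whitelist approach described above, done with a hash of code references so that it runs under "use strict" with no symbolic references at all. The handlers foo and bar, the helper call_by_name and the sample config lines are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical handlers; only these may be invoked from the config.
sub foo { my ($arg) = @_; return "foo($arg)" }
sub bar { my ($arg) = @_; return "bar($arg)" }

# Allow-list: config name => hard code reference. No symbol-table lookup
# happens at call time, so nothing outside this hash is reachable.
my %DISPATCH = (
    foo => \&foo,
    bar => \&bar,
);

# Look up a name and call it; die on anything not in the allow-list.
sub call_by_name {
    my ($name, $args) = @_;
    my $code = $DISPATCH{$name}
        or die "refusing to call unknown sub '$name'\n";
    return $code->($args);
}

# Constructed sample config lines in "name argument" form.
my @config = ('foo 42', 'bar hello', 'system rm -rf', 'main::foo 1');

for my $line (@config) {
    my ($name, $args) = split ' ', $line, 2;
    my $result = eval { call_by_name($name, $args) };
    if (defined $result) {
        print "ok:       $result\n";
    }
    else {
        chomp(my $err = $@);
        print "rejected: $err\n";
    }
}
```

Because the lookup is an exact hash-key match, a package-qualified name such as main::foo is rejected along with any name that is simply not listed.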

