messju mohr
9/24/2003 6:21:00 PM
On Thu, Sep 25, 2003 at 03:15:25AM +0900, dblack@superlink.net wrote:
> Hi --
>
> On Thu, 25 Sep 2003, Hal Fulton wrote:
>
> > Johan Holmberg wrote:
> > > I think it is quite "ok".
> > > At least there is no extra copying (or serialization) of "val"
> > > as in my original example.
> >
> > This is probably obvious and likely irrelevant, but I will mention
> > that a caller could do something malicious by passing in an "evil"
> > string to be evaluated.
>
> I don''t want to be responsible for encouraging non-vigilance toward
> things like this... but if val is a string, wouldn''t eval''ing val
> just result in the string, not a further evaluation of the string?
>
> a = "puts ''hi''"
> eval "b = a"
>
> b is now "puts ''hi''", but ''hi'' doesn''t get puts''d.
>
> (Or is there another, more evil scenario I''m not thinking of?)
he meant this line:
eval "$#{name} = val"
and passing sth. evil in "name"
greetings
messju
> David