Brian Raven wrote:
>
>Apart from the times when it is unavoidable, block evals are preferable
>to string evals. Unless you have complete control over the string being
>eval-ed it can represent a rather large security hole.
>
>Regarding saving the symbol table. It is not just the removal of symbols
>created, but modification of existing symbols that may need taking care
>of. Also, copying a hash just copies keys and values. If any values
>are references, only the reference is copied, not what it refers to, so
>the reverse copy will not restore the state of that object after the
>eval. Don't forget that lexical variables don't appear in the symbol
>table, so your symbol table copy will not restore any changes made to
>in-scope variables in the eval.
>
>There are probably lots of other problems too.
>
>Sounds pretty dodgy to me. Perhaps if you said what you were trying to
>accomplish by this it might be easier for someone to suggest a better
>way.
>
>HTH
>
>--
>Brian Raven
>

Hi Brian

Right now I am just experimenting with Perl and the eval() statement to see what happens internally.

Several years ago (before XMLSpy, Oxygen, Stylus Studio, etc.) I wrote an XML Editor using Perl Tk, Tk::Text::SuperText, Perl parsers, etc. I supported various plug-ins based on the DTD or Schema and the editing requirements via Perl scripts, which I executed from the editor via an eval() statement. The code within the eval accessed packages and functions within the editor but did not modify any variable within the editor. The editor performed the requested functions and returned values to the code within the eval but did not modify any variables within the eval directly. When the eval code terminated I wanted to return the editor to the state it was in before the eval.

One of the problems I had was that subroutines within the eval remained in the symbol table when the eval ended, which could potentially produce incorrect processing of a second execution of an eval that contained different code. I think I did get around the problem by placing the code in a block, but I was just wondering what else I could have done and what the potential problems are, kind of just playing with Perl's internals and dumping the results.

Thanks

Bill Conrad
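
The two effects discussed in this thread, subroutines left behind by a string eval and a shallow hash copy that fails to restore state, shown as an added example that is not code from either poster. It assumes Perl 5.10 or later with the core modules Symbol and Storable; the plug-in strings, `run_plugin`, the `PluginScratch` package names and `%config` are hypothetical.

```perl
use strict;
use warnings;
use Symbol   qw(delete_package);   # core module
use Storable qw(dclone);           # core module

# Constructed plug-in sources (hypothetical). B forgets to define transform().
my $plugin_a = 'sub transform { return uc shift } transform("abc")';
my $plugin_b = 'transform("abc")';

# 1. String eval in the caller's package: A's sub stays in main's symbol
#    table, so B runs A's stale code instead of failing.
eval $plugin_a;
my $stale = eval $plugin_b;
print "shared package:  B returned '", $stale // 'undef', "'\n";

# 2. Compile each run into a throwaway package and delete it afterwards.
#    This only stops leftovers: the code can still name any package
#    explicitly and sees the lexicals in scope here, so it is no sandbox.
my $seq = 0;
sub run_plugin {
    my ($code) = @_;
    my $pkg    = 'PluginScratch' . ++$seq;       # hypothetical package name
    my $result = eval "package $pkg; $code";
    my $err    = $@;
    delete_package($pkg);                        # drops its subs and globals
    return ($result, $err);
}
run_plugin($plugin_a);
my (undef, $err_b) = run_plugin($plugin_b);
print "scratch package: B failed: $err_b";

# 3. A shallow hash copy shares the referenced array, so restoring from it
#    does not undo the change; a deep copy does.
our %config = (tags => ['a', 'b']);
my %shallow = %config;
my $deep    = dclone(\%config);
run_plugin('push @{ $main::config{tags} }, "added"; 1');
%config = %shallow;
print "shallow restore: @{ $config{tags} }\n";
%config = %$deep;
print "deep restore:    @{ $config{tags} }\n";
```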
