Hi Bryan! Thanks for not top-posting and for following E-mail netiquette. See below for my response.
On Sunday 21 Feb 2010 05:01:12 Bryan R Harris wrote:
> > On Saturday 20 Feb 2010 04:53:18 Bryan R Harris wrote:
> >> This is unintuitive:
> >> perl -e 'print "> "; while(<>) {print(( eval $_ )[-1], "\n> ")}'
> >>
> >> ... then enter 2*012. It prints "20". 2*12 is obviously 24, but perl's
> >> interpreting that "012" as octal. We sometimes have our numbers zero
> >> padded to make the columns line up, they're not octal.
> >>
> >> Is there any way to keep perl's eval from interpreting numbers starting
> >> with "0" as octal?
> >
> > No, there isn't. But why are you writing a custom calculator using eval?
> > A user may enter something like << system('rm -fr $HOME'); >> and get
> > his home directory deleted. And other stuff like that.
>
> Because this isn't a web app, it's a script on a shared drive. If the
> users wanted to do that, they could just type that command at the
> terminal.

I see. However, they may come to trust it as a calculator and not be aware of such problems with its evaluation. So for example, they can set up a script to process E-mails, and then some malicious correspondent will trick them.

>
> > If you're interested in writing a calculator or a different interpreter
> > then look at parser-generator modules:
> >
> > http://www.nntp.perl.org/group/perl.module-authors/2009/09/msg7844.html
>
> Wow, I'm not even sure how that discussion connects to my situation -- I
> don't recognize enough of the words to make the connection (this is a
> beginners list, remember? =)

OK, let me explain. Let's suppose you want to evaluate mathematical expressions and let's suppose you didn't have eval "" or would rather not use it (for the reasons I mentioned and others). So you need to turn this expression:

    5+6*3

Into a tree of tokens like the following:

    [+] ------> 5
     |
     ----> [*] ---> 6
            |
            ------> 3

Then you can easily evaluate this tree and find the final expression.

So you need to write a *parser* for that:

http://en.wikipedia.org/wiki/Parsing

What a parser generator gives you is a parser for a certain given, mostly arbitrary, grammar (expressed as a http://en.wikipedia.org/wiki/Formal_language ). So you can use it. And you can define this grammar to treat leading zeros as decimal or anything else you want, and you don't need to use eval "" which will allow inputting and executing any given arbitrary Perl command.

Regards,

        Shlomi Fish

-- 
-----------------------------------------------------------------
Shlomi Fish       http://www.shlomifish.org/
What Makes Software Apps High Quality - http://shlom.in/sw-quality

Deletionists delete Wikipedia articles that they consider lame.
Chuck Norris deletes deletionists whom he considers lame.

Please reply to list if it's a mailing list post - http://shlom.in/reply .
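
The approach described above, as an added example that is not part of the original message: a hand-written recursive-descent calculator in Perl that builds the token tree and evaluates it without eval "", so zero-padded numbers stay decimal and anything that is not arithmetic is rejected instead of executed. The sub names (tokenize, parse_level, calc and so on) and the sample inputs are this example's own assumptions; it needs perl 5.10 or later for the // operator.

```perl
use strict; use warnings;
# Added example, not code from the thread; all sub names are hypothetical.
# Tokens: decimal numbers, + - * / and parentheses; anything else is fatal.
sub tokenize {
    my ($src) = @_;
    my @tok;
    while ($src =~ m{\G\s*(\d+(?:\.\d+)?|[-+*/()])}gc) { push @tok, $1 }
    $src =~ m{\G\s*\z}gc or die "bad input at offset " . (pos($src) // 0) . "\n";
    return @tok;
}
# One left-associative precedence level: operand (op operand)*
sub parse_level {
    my ($t, $ops, $next) = @_;
    my $node = $next->($t);
    while (@$t && index($ops, $t->[0]) >= 0) {
        $node = [ shift(@$t), $node, $next->($t) ];   # tree node: [op, left, right]
    }
    return $node;
}
sub parse_expr { parse_level($_[0], '+-', \&parse_term) }
sub parse_term { parse_level($_[0], '*/', \&parse_factor) }
sub parse_factor {
    my ($t) = @_;
    my $tok = shift(@$t) // die "unexpected end of input\n";
    return $tok + 0 if $tok =~ /^\d/;   # the string "012" numifies to 12, not octal
    return [ '-', 0, parse_factor($t) ] if $tok eq '-';   # unary minus
    die "unexpected '$tok'\n" unless $tok eq '(';
    my $node = parse_expr($t);
    (shift(@$t) // '') eq ')' or die "missing ')'\n";
    return $node;
}
sub evaluate {
    my ($n) = @_;
    return $n unless ref $n;            # leaf: a plain number
    my ($op, $l, $r) = ($n->[0], evaluate($n->[1]), evaluate($n->[2]));
    return $op eq '+' ? $l + $r : $op eq '-' ? $l - $r : $op eq '*' ? $l * $r
         : $r != 0 ? $l / $r : die "division by zero\n";
}
sub calc {
    my @t = tokenize($_[0]);
    my $tree = parse_expr(\@t);
    die "unexpected '$t[0]'\n" if @t;   # leftover tokens, e.g. a stray ')'
    return evaluate($tree);
}
# Constructed sample inputs; block eval {} only traps die, it runs no input.
for my $in ('2*012', '5+6*3', q{system('rm -fr $HOME')}) {
    my $out = eval { calc($in) };
    print "$in => ", defined $out ? "$out\n" : "rejected: $@";
}
```

The leading-zero behaviour comes from converting the token with $tok + 0: Perl applies octal interpretation only to numeric literals in source code and to oct(), never to strings converted to numbers at run time.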