On Dec 29, 2007 11:34 AM, Jenda Krynicky <[EMAIL PROTECTED]> wrote:
> From: "Chas. Owens" <[EMAIL PROTECTED]>
> > On Dec 28, 2007 10:15 AM, Adarsh Srivastava
> > <[EMAIL PROTECTED]> wrote:
> > > Hello,
> > >
> > > Is there any inbuilt/external function or library that can convert a text
> > > expression (eg. "22 + 23") and evaluate the resulting value?( 45 in this
> > > case).
> > snip
> >
> > Well, the string form of eval will do this; however, it is very
> > dangerous. What if the string contained valid Perl code* to do
> > something on your system? Any time you use the string form of eval
> > you should first run the string through a regex make sure it only
> > contains things you expect it to.
>
> Another way to restrict what the evaled code may do is to use the
> Safe.pm module.
>
> use Safe;
>
> $safe = new Safe;
> $safe->reval("22+23");
snip
Nice, and it is even part of Core Perl (I really need to sit down and
go over corelist), but the default opmask isn't safe enough. To quote
the perldoc for Opode, "If safety matters to you (and why else would
you be using the Opcode module?) then you should not rely on the
definition of this, or indeed any other, optag!". Given this problem
I would say the following code is appropriate; however, all of this
assumes that the string to be eval'ed will be valid Perl code. If the
expressions you are getting expect to be able to use x^y or pow(x,y)
instead of x**y for raising x to y, you will still need to write your
own parser.
use strict;
use warnings;
use Safe;
our $matheval = Safe->new;
$matheval->allow_only(qw<atan2 sin cos exp log sqrt pow multiply
i_multiply divide i_divide modulo i_modulo add i_add subtract
i_substract int abs>);
.
.
.
my $expr = get_expresion();
my $result = $matheval->reval($expr);
die "got error [EMAIL PROTECTED] when eval'ing [$expr]" if $@;
--
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
http://learn.perl.org/
