On Wed, Apr 17, 2002 at 09:01:37PM -0400, Aaron D. Marasco wrote:
> I like something like this, where the sub name is sub_KEYWORD (from a 
> CGI, hopefully you can extract usefulness):
> 
> eval "sub_".param('page') if (param && defined param('page') && defined 
> "sub_".param('page'));

The last clause will always be defined.  The first clause is redundant
since the "defined param('page')" is a more specific version of the
same check.

But that's not the real problem...


> &page_login; # If all else fails...

Remember what I was saying about security holes?

  http://you.com/your.cgi?page=foo%3B%20system%28%27rm%20%2Drf%20%2F%27%29

If sub_foo() exists, you now have a lot of free hard drive space.


-- 

Michael G. Schwern   <[EMAIL PROTECTED]>    http://www.pobox.com/~schwern/
Perl Quality Assurance      <[EMAIL PROTECTED]>         Kwalitee Is Job One
O you fat bastard                                           
anus clogged (library paste)        
you're not laughing now
        -- Halfjack
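
A dispatch-table form of the quoted handler lookup, added here as an example and not part of the original message: the request value is only ever used as a hash key, so it is never compiled as code. The handler names, the %DISPATCH table and the sample inputs are constructed for illustration, standing in for param('page') in the CGI.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical page handlers; the names are constructed for this example.
sub page_login { return "login page" }
sub page_foo   { return "foo page" }
sub page_admin { return "admin page" }

# Allowlist: request keyword => code reference. Only keys listed here
# can ever be called, whatever the request contains.
my %DISPATCH = (
    login => \&page_login,
    foo   => \&page_foo,
);

# Resolve a request parameter to a handler without eval or symbolic refs.
# Every failure path falls back to the login page.
sub handler_for {
    my ($page) = @_;
    return \&page_login unless defined $page;             # parameter absent
    return \&page_login unless $page =~ /\A[A-Za-z0-9_]{1,32}\z/;  # not a plain keyword
    return exists $DISPATCH{$page} ? $DISPATCH{$page} : \&page_login;
}

# Constructed inputs, standing in for param('page').
my @samples = (
    'foo',                       # allowlisted keyword
    undef,                       # no page parameter sent
    'admin',                     # a real sub, but not allowlisted
    q{foo; print "injected"},    # keyword followed by extra Perl code
);

for my $page (@samples) {
    my $shown = defined $page ? "'$page'" : 'undef';
    printf "%-28s => %s\n", $shown, handler_for($page)->();
}
```

The pattern check is belt and braces: the hash lookup alone already refuses anything that is not a listed key.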
