String eval should be avoided at all costs [especially if you parse user
input] - functional eval is different - and is a good model for catching
errors etc
{There are some good uses of string eval - e.g. dynamically "use"ing
modules}
James
On 2017-05-30 03:46 PM, Ruben Safir wrote:
Using eval is an unacceptable security bug for all online and public
access programs that acquire data from external non-secured sources.
On Tue, May 30, 2017 at 09:39:53AM -0400, John Dunlap wrote:
Yes, I do that extensively and it works perfectly. It's as close to a true
Try/Catch block as we have in the perl world. However, I *usually* do not
return values from it because I use this construct to control my database
transaction demarcation and using the return value from outside of the eval
wouldn't be inside the transaction. With that said, I have had to do it
from time to time and it works just fine. Also, it is advisable to copy the
contents of $@ into a separate variable immediately. My understanding is
that this can prevent some weird concurrency issues, under some conditions.
My general form looks something like this,
my $return = eval {
    # BEGIN DATABASE TRANSACTION
    # DO SOME STUFF
    # COMMIT DATA BASE TRANSACTION
    return 'SOME VALUE';
};
if ($@) {
    my $error = $@;
    # ROLLBACK DATABASE TRANSACTION
    # LOG ERROR
}
On Tue, May 30, 2017 at 4:47 AM, James Smith <j...@sanger.ac.uk> wrote:
Not really a mod_perl question but you can always wrap your method call in
an eval
my $ret = eval { $m->...() };
And then check $@ for the error message
On 2017-05-26 02:08 AM, Peng Yonghua wrote:
greeting,
I am not so good at perl/modperl,:)
In the handler, a method from a class was called, when something dies
from within the method, what's the correct way the handler will take?
for example, I wrote this API which works right if given a correct domain
name:
http://fenghe.org/domain/?d=yahoo.com
server response:
var data={"registration":"domain may be taken","domain":"yahoo.com"}
If given a wrong domain name:
http://fenghe.org/domain/?d=yahoo.nonexist
The server returns 500.
This is because, in the handler, I used this module (also written by me):
http://search.cpan.org/~pyh/Net-Domain-Registration-Check-0.03/lib/Net/Domain/Registration/Check.pm
And in the module, a croak like this happens,
croak "domain TLD not exists" unless tld_exists($tld);
When the handler meets the croak, it dies (I guess) and the server returns 500.
How will I make the full system work right? Fix the handler, or the module
itself?
Thanks.
--
The Wellcome Trust Sanger Institute is operated by Genome Research
Limited, a charity registered in England with number 1021457 and a company
registered in England with number 2742969, whose registered office is 215
Euston Road, London, NW1 2BE.
--
John Dunlap
*CTO | Lariat *
*Direct:*
*j...@lariat.co <j...@lariat.co>*
*Customer Service:*
877.268.6667
supp...@lariat.co
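
The pattern discussed in this thread, as an added example that is not code from any of the posters or from the module: a handler routine that validates the domain parameter, calls the lookup inside a block eval, copies $@ at once, and returns a JSON error instead of letting the croak become a 500. check_registration(), handle_request(), the TLD list and the 400/422 status codes are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Carp qw(croak);
use JSON::PP;    # core module; exports encode_json

# Hypothetical stand-in for the module's lookup; it croaks the same way.
my %KNOWN_TLD = map { $_ => 1 } qw(com org net);    # constructed list

sub check_registration {
    my ($domain) = @_;
    my ($tld) = $domain =~ /\.([^.]+)\z/;
    croak "domain TLD not exists" unless defined $tld && $KNOWN_TLD{$tld};
    return { domain => $domain, registration => 'domain may be taken' };
}

# Handler logic: returns (HTTP status, JSON body) instead of dying.
sub handle_request {
    my ($d) = @_;

    # Reject anything that is not a plausible hostname before using it.
    my $label = qr/[a-z0-9](?:[a-z0-9-]*[a-z0-9])?/i;
    return (400, encode_json({ error => 'invalid domain' }))
        unless defined $d
            && length($d) <= 253
            && $d =~ /\A$label(?:\.$label)+\z/;

    # Block eval: $d is only ever data here, never compiled as Perl.
    my $result;
    my $ok = eval { $result = check_registration($d); 1 };
    if (!$ok) {
        my $error = $@ || 'unknown error';    # copy $@ immediately
        # Full detail goes to the server log, not to the client.
        warn "domain check failed for '$d': $error";
        return (422, encode_json({ error => 'domain could not be checked' }));
    }
    return (200, encode_json($result));
}

# Constructed sample inputs: valid, unknown TLD, malformed.
for my $d ('yahoo.com', 'yahoo.nonexist', 'bad domain!') {
    my ($status, $body) = handle_request($d);
    print "$status $body\n";
}
```

Testing the value returned by eval (the trailing 1) rather than $@ alone also covers the case where $@ is cleared before it is inspected.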