In perl.git, the branch blead has been updated <http://perl5.git.perl.org/perl.git/commitdiff/bc8181d521d11f280b4b416dfc7c2bbdb00aba28?hp=1afd3306d14b1d637f928e16ad4f278f5cf59754>
- Log ----------------------------------------------------------------- commit bc8181d521d11f280b4b416dfc7c2bbdb00aba28 Merge: 0b370c0 1afd330 Author: Abigail <[email protected]> Date: Wed Jan 6 18:20:27 2010 +0100 Merge branch 'blead' of ssh://perl5.git.perl.org/gitroot/perl into blead commit 0b370c0a264633281d21c8cf13f698b896d74ce6 Author: Abigail <[email protected]> Date: Wed Jan 6 18:19:11 2010 +0100 Document that interpolating a '(??{ code })' construct in a regular expression also requires "use re 'eval'", just as '(?{ code })' does. M ext/re/re.pm M pod/perlre.pod commit 99cc5cc69e81e458dc4fa44238a666045699b2b8 Author: Abigail <[email protected]> Date: Wed Jan 6 18:11:37 2010 +0100 Fix a couple of typos and standardize on using 'regexp' instead of using a 'regex'/'regexp' mash. M ext/re/re.pm ----------------------------------------------------------------------- Summary of changes: ext/re/re.pm | 24 +++++++++++++----------- pod/perlre.pod | 6 ++++++ 2 files changed, 19 insertions(+), 11 deletions(-) diff --git a/ext/re/re.pm b/ext/re/re.pm index d9b854d..02393ce 100644 --- a/ext/re/re.pm +++ b/ext/re/re.pm @@ -1,6 +1,6 @@ package re; -# pragma for controlling the regex engine +# pragma for controlling the regexp engine use strict; use warnings; @@ -80,7 +80,7 @@ sub _load_unload { # the last time it was called. # install() returns an integer, which if casted properly - # in C resolves to a structure containing the regex + # in C resolves to a structure containing the regexp # hooks. Setting it to a random integer will guarantee # segfaults. $^H{regcomp} = install(); @@ -195,19 +195,21 @@ re - Perl pragma to alter regular expression behaviour =head2 'taint' mode When C<use re 'taint'> is in effect, and a tainted string is the target -of a regex, the regex memories (or values returned by the m// operator -in list context) are tainted. This feature is useful when regex operations +of a regexp, the regexp memories (or values returned by the m// operator +in list context) are tainted. This feature is useful when regexp operations on tainted data aren't meant to extract safe substrings, but to perform other transformations. =head2 'eval' mode -When C<use re 'eval'> is in effect, a regex is allowed to contain -C<(?{ ... })> zero-width assertions even if regular expression contains +When C<use re 'eval'> is in effect, a regexp is allowed to contain +C<(?{ ... })> zero-width assertions and C<(??{ ... })> postponed +subexpressions, even if the regular expression contains variable interpolation. That is normally disallowed, since it is a potential security risk. Note that this pragma is ignored when the regular expression is obtained from tainted data, i.e. evaluation is always -disallowed with tainted regular expressions. See L<perlre/(?{ code })>. +disallowed with tainted regular expressions. See L<perlre/(?{ code })> +and L<perlre/(?{ code })>. For the purpose of this pragma, interpolation of precompiled regular expressions (i.e., the result of C<qr//>) is I<not> considered variable @@ -216,7 +218,7 @@ interpolation. Thus: /foo${pat}bar/ I<is> allowed if $pat is a precompiled regular expression, even -if $pat contains C<(?{ ... })> assertions. +if $pat contains C<(?{ ... })> assertions or C<(??{ ... })> subexpressions. =head2 'debug' mode @@ -326,7 +328,7 @@ states as well. This output from this can be quite large. =item OPTIMISEM Enable enhanced optimisation debugging and start point optimisations. -Probably not useful except when debugging the regex engine itself. +Probably not useful except when debugging the regexp engine itself. =item OFFSETS @@ -408,7 +410,7 @@ the pattern was compiled. my ($pat, $mods) = regexp_pattern($ref); -In scalar context it returns the same as perl would when strigifying a raw +In scalar context it returns the same as perl would when stringifying a raw C<qr//> with the same pattern inside. If the argument is not a compiled reference then this routine returns false but defined in scalar context, and the empty list in list context. Thus the following @@ -423,7 +425,7 @@ or blessing of the object. =item regmust($ref) If the argument is a compiled regular expression as returned by C<qr//>, -then this function returns what the optimiser consiers to be the longest +then this function returns what the optimiser considers to be the longest anchored fixed string and longest floating fixed string in the pattern. A I<fixed string> is defined as being a substring that must appear for the diff --git a/pod/perlre.pod b/pod/perlre.pod index e040f09..c997a9e 100644 --- a/pod/perlre.pod +++ b/pod/perlre.pod @@ -1035,6 +1035,12 @@ The following pattern matches a parenthesized group: See also C<(?PARNO)> for a different, more efficient way to accomplish the same task. +For reasons of security, this construct is forbidden if the regular +expression involves run-time interpolation of variables, unless the +perilous C<use re 'eval'> pragma has been used (see L<re>), or the +variables contain results of C<qr//> operator (see +L<perlop/"qr/STRING/imosx">). + Because perl's regex engine is not currently re-entrant, delayed code may not invoke the regex engine either directly with C<m//> or C<s///>), or indirectly with functions such as C<split>. -- Perl5 Master Repository
