I remember a similar patch once before that did the expand/interpolate
thing. There was some reason people didn't like it.
> +See also ``How can I expand/interpolate variables in text strings?''
> +in this section of the FAQ.
> +=head2 How can I expand/interpolate variables in text strings?
>
> -Let's assume that you have a string like:
> +To process a string through Perl's interpolation engine simply:
>
> - $text = 'this has a $foo in it and a $bar';
> + $text = 'this has a $foo in it...\n ...and a $bar';
> + # Assume $text does not contain "\nEND\n"
> + chop ( $text = eval "<<END\n$text\nEND\n" );
> + die if $@;
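Review bot: the precondition in the comment above the eval, that $text
does not contain "\nEND\n", is never checked, so a $text with a line
reading END closes the here-document early and eval compiles whatever
follows it as Perl. Test for the terminator before the eval and die if
it is present, and state in the prose that this form is for trusted
strings only.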
I don't think we want to show eval in this context in the FAQ. It
will confuse beginners to no end.
> +This will not work, for good reason, if $text is tainted. For an
> +explanation of how $text could execute arbitrary Perl see ``How do I
> +expand function calls in a string?'' in this section of the FAQ.
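Review bot: the first added sentence says the eval "will not work" on a
tainted $text but never says that taint checks apply only when taint
mode is on (the -T switch); without it the eval runs on any input. Say
so here, or the reader takes tainting as a protection that is always
present.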
What is tainting? (I know. I'm being rhetorical.) That seems outside
the scope of the question.
> - $text =~ s/\$(\w+)/${$1}/g; # no /e needed
> +If $text comes from a source external to the Perl script (typically a
> +file) and you trust executable code from that source then simply
> +untaint it. This is no more or less dangerous than using C<do()>.
> +For an explaination of tainting see L<perlsec>.
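Review bot: "simply untaint it" in the added paragraph gives no way to
do so and no check on what is being untainted, and this hunk also drops
the s/\$(\w+)/${$1}/g line, the form that substitutes variables without
an eval. Keep that line as the default answer, and fix the spelling
"explaination" in the L<perlsec> sentence.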
Definitely outside the scope.
> -But since they are probably lexicals, or at least, they could
> -be, you'd have to do this:
> +If you do not trust the source, you can limit and launder the parts of
> +$text that are passed to eval():
>
> - $text =~ s/(\$\w+)/$1/eeg;
> - die if $@; # needed /ee, not /e
> + $text =~ s/(\$\w+)/$1/eeg; # needed /ee, not /e
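Review bot: the rewritten substitution line loses the "die if $@;" that
followed it, so a failed inner eval under /ee goes unnoticed and the
variable is silently replaced by nothing. Restore the check after the
s///eeg line. The lead-in also promises to "limit and launder" without
saying that the limiting is done by the (\$\w+) capture; one sentence
on that would help.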
I'm not sure why you removed the error checking. Sure, it doesn't
necessarily fit either, but it is better to explain it than eliminate
it.
> -See also ``How do I expand function calls in a string?'' in this section
> -of the FAQ.
> +For other variations on the theme of text templates see the sprintf()
> +function and numerous modules on CPAN.
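Review bot: the removed cross-reference to ``How do I expand function
calls in a string?'' is the entry the new taint paragraph sends readers
to, and its replacement, "numerous modules on CPAN", names none. Keep
the See also and name the modules meant.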
Huh?
That's removing information.
-R