[PATCH] Error message should indicate that "use re 'eval'" is runnable code #9893
From @moritz
Patch inspired by http://www.perlmonks.org/?node_id=798862
From @moritz
0001-make-it-clear-that-use-re-eval-is-actually-code.patch
From 083663742220a366b866629fc72f4b1bd1bda3fc Mon Sep 17 00:00:00 2001
From: Moritz Lenz <moritz@faui2k3.org>
Date: Fri, 2 Oct 2009 17:12:30 +0200
Subject: [PATCH] make it clear that "use re 'eval'" is actually code
---
regcomp.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/regcomp.c b/regcomp.c
index 696796b..d43b43e 100644
--- a/regcomp.c
+++ b/regcomp.c
@@ -5885,7 +5885,7 @@ S_reg(pTHX_ RExC_state_t *pRExC_state, I32 paren, I32 *flagp,U32 depth)
&& IN_PERL_RUNTIME)
/* No compiled RE interpolated, has runtime
components ===> unsafe. */
- FAIL("Eval-group not allowed at runtime, use re 'eval'");
+ FAIL("Eval-group not allowed at runtime, allow it with \"use re 'eval'\"");
if (PL_tainting && PL_tainted)
FAIL("Eval-group in insecure regular expression");
#if PERL_VERSION > 8
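Review bot: The reworded FAIL string on the `+` line changes a diagnostic that perldiag documents verbatim, yet the diffstat shows only regcomp.c touched; the perldiag entry should be updated in the same patch so the message and its documentation stay in sync. The new wording also still tells the reader only how to switch the check off: the comment directly above it says a pattern with runtime components is unsafe, and the next context line rejects tainted patterns outright, so the message would serve better if it said the eval-group arrived through runtime interpolation and is blocked as a safety measure before it names the pragma.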
--
1.5.6.5
From ben@morrow.me.uk
Quoth Moritz Lenz
Should this perhaps say something more like (?{}) from variable interpolation forbidden for security reasons, ? It would be bad if people just blindly turned re "eval" on without
Ben
The RT System itself - Status changed from 'new' to 'open'
From nj88udd02@sneakemail.com
Hi Ben, hi Moritz,
Ben Morrow wrote:
I agree with Ben here. Maybe the even more verbose "(?{}) from variable
Cheers,
From @nwc10
On Sat, Oct 03, 2009 at 10:33:16AM +0200, Steffen Mueller wrote:
I'm not sure if I'm really following this, but I think it needs something like
Nicholas Clark
From nj88udd02@sneakemail.com
Nicholas Clark wrote:
That's what I was trying to convey with my "see perlre on how to enable
Cheers,
From @davidnicol
due to security concerns, eval-group must be explicitly enabled: see
@dcollinsn - Status changed from 'open' to 'stalled'
Migrated from rt.perl.org#69536 (status was 'stalled')
Searchable as RT69536$