31.17. use re

    use re 'taint';
    # Contents of $match are tainted if $dirty was also tainted.
    ($match) = ($dirty =~ /^(.*)$/s);

    # Allow code interpolation:
    use re 'eval';
    $pat = '(?{ $var = 1 })';    # embedded code execution
    /alpha${pat}omega/;          # won't fail unless under -T
                                 # and $pat is tainted

    use re 'debug';              # like "perl -Dr"
    /^(.*)$/s;                   # output debugging info during
                                 # compile time and run time

    use re 'debugcolor';         # same as 'debug',
                                 # but with colored output

This pragma controls the use of regular expressions. It has four possible invocations: "taint" and "eval", which are lexically scoped, plus "debug" and "debugcolor", which aren't.

When use re 'taint' is in effect and a tainted string is the target of a regex, the numbered regex variables and values returned by the m// operator in list context are all tainted. This is useful when regex operations on tainted data aren't meant to extract safe substrings, but to perform other transformations. See the discussion on tainting in Chapter 23, "Security".

When use re 'eval' is in effect, a regex is allowed to contain assertions that execute Perl code, which are of the form (?{ ... }), even when the regex contains interpolated variables. Execution of code segments resulting from variable interpolation into a regex is normally disallowed for security reasons: you don't want programs that read patterns from config files, command-line arguments, or CGI form fields to suddenly start executing arbitrary code if they weren't designed to expect this possibility. This use of the pragma allows only untainted strings to be interpolated; tainted data will still cause an exception to be raised (if you're running with taint checks enabled). See also Chapter 5, "Pattern Matching", and Chapter 23, "Security".

For the purposes of this pragma, interpolation of precompiled regular expressions (produced by the qr// operator) is not considered variable interpolation. Nevertheless, when you build the qr// pattern it needs to have use re 'eval' in effect if any of its interpolated strings contain code assertions. For example:

    $code = '(?{ $n++ })';       # code assertion
    $str = '\b\w+\b' . $code;    # build string to interpolate

    $line =~ /$str/;             # this needs use re 'eval'

    $pat = qr/$str/;             # this also needs use re 'eval'
    $line =~ /$pat/;             # but this doesn't need use re 'eval'

Under use re 'debug', Perl emits debugging messages when compiling and when executing regular expressions. The output is the same as that obtained by running a "debugging Perl" (one compiled with -DDEBUGGING passed to the C compiler) and then executing your Perl program under Perl's -Dr command-line switch. Depending on how complicated your pattern is, the resulting output can be overwhelming. Calling use re 'debugcolor' enables more colorful output that can be useful, provided your terminal understands color sequences. Set your PERL_RE_TC environment variable to a comma-separated list of relevant termcap(5) properties for highlighting. For more details, see Chapter 20, "The Perl Debugger".

Copyright © 2002 O'Reilly & Associates. All rights reserved.
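The scoping rules for use re 'eval' described above, as an added example that is not from the book: patterns arriving from outside the program are compiled where the pragma is off and the resulting exception is trapped, while a code assertion written by the program itself is compiled inside a narrow use re 'eval' scope. The sub names, the $hits counter and the sample patterns are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

our $hits = 0;    # counter touched only by the program's own code assertion

# Compile a pattern that came from outside (config file, CLI argument, form field).
# "no re 'eval'" spells out the default, so an enclosing "use re 'eval'" cannot
# leak in: a (?{ ... }) arriving through interpolation raises an exception.
sub compile_untrusted {
    my ($src) = @_;
    no re 'eval';
    my $re  = eval { qr/$src/ };    # also traps ordinary syntax errors
    my $err = $@;
    return defined $re ? ($re, undef) : (undef, $err);
}

# Build a pattern whose code assertion is a string literal owned by the program.
# The pragma is lexically scoped, so it ends with this sub.
sub compile_trusted_counter {
    use re 'eval';
    my $code = '(?{ $main::hits++ })';    # hypothetical assertion for the demo
    return qr/\b\w+\b$code/;
}

# A qr// object can be used where "use re 'eval'" is not in effect.
my $counter = compile_trusted_counter();
'alpha beta' =~ /$counter/;
print "hits after trusted match: $hits\n";

# Constructed sample inputs standing in for externally supplied patterns.
my @samples = ('^\d{3}-\d{4}$', '(?{ $main::hits = 999 })', 'a(?{ 1 })b', '(');
for my $src (@samples) {
    my ($re, $err) = compile_untrusted($src);
    if ($re) {
        print "accepted: $src\n";
    }
    else {
        my $why = $err =~ /Eval-group not allowed/ ? 'code assertion'
                                                   : 'invalid pattern';
        print "rejected ($why): $src\n";
    }
}

# None of the rejected patterns was allowed to run its embedded code.
die "untrusted code assertion executed\n" unless $hits == 1;
```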