http://www.perlmonks.org?node_id=996933


in reply to How to import names from a dynamically required module

Use something Class::Load rather than eval STRING; almost no one checks $package_name for sanity. If that comes from anything at all untrusted, you have a code injection vulnerability.


Improve your skills with Modern Perl: the free book.

Replies are listed 'Best First'.
Re^2: How to import names from a dynamically required module
by jds17 (Pilgrim) on Oct 02, 2012 at 23:13 UTC
    chromatic, you are right. I will strip out eval completely and use Class::Load.