simon.proctor has asked for the wisdom of the Perl Monks concerning the following question:

I'm writing a content delivery system based on the Template Toolkit but with additional functionality added for configuration etc.

One feature that I am working on is to allow plugins to modify the program data as I move from one stage of the application to the next. This is in its early stages and I intend to make this as safe as possible by controlling program access as much as possible.

Currently, I am using 'require' and then 'import' to dynamically load my module and then run three predefined object methods. This is done within an eval block but I feel a little uncomfortable about that (as you can imagine :P). <bt>
Using 'safe' seems to be the answer to my problems as I can expose a single API object to the plugin compartment and control access (unless someone has a better idea?) but not having used it before I was wanting some advice.

Heres the current code where I'm using 'eval':
# -------------------------------------------------------- # Build the environment var. for the plugins # -------------------------------------------------------- my $environment = { 'parser_conf' => $conf, 'vars_conf' => $vars }; # Stage, environment hash, config object runPlugin('2',$environment,$plugin_config);
# --------------------------------------------------------- # runPlugin # ~~~~~~~~~ # Runs a plugin at a given stage of the content engine # phase. Expects the stage, # the environment and the plugin configuration as # parameters. # --------------------------------------------------------- sub runPlugin { my $setting = shift; my $environment = shift; my $plugin_config = shift; return unless defined $setting; return unless defined $environment; return unless defined $plugin_config; if(defined($plugin_config->setting($setting))) { # We have a winner my $module = $plugin_config->setting($setting); $module =~ s/\.(pm|PM)$//; eval{ # Import - create object - run code my $mainmodule = "Plugins/Core/" .$module . ".pm"; require $mainmodule; import $mainmodule; my $obj = $module->new(); $obj->run( $environment ); $obj->closedown(); }; if($@) { # Log this or something } } }