Beefy Boxes and Bandwidth Generously Provided by pair Networks
more useful options
 
PerlMonks  

How do you get s/// to look inside variables in the replacement string?

by markkawika (Monk)
on Nov 28, 2007 at 00:41 UTC ( [id://653430]=perlquestion: print w/replies, xml ) Need Help??

markkawika has asked for the wisdom of the Perl Monks concerning the following question:

I have a case where I'm taking user input and feeding it to perl code in the following format:
$str =~ s/$match/$repl/;
where $str, $match, and $repl are strings fed to me by my user. Ignoring the security implications of this (I know there are plenty), I cannot get perl to recognize "\1" or "$1" sequences in the $repl variable.

For example, if $str contains "abc", $match contains "(a)(.)", and $repl contains "\2\1", $str ends up containing "\2\1c" instead of "bac", as intended.

Is there any way to force s/// to process this like I want?

  • Comment on How do you get s/// to look inside variables in the replacement string?
  • Download Code

Replies are listed 'Best First'.
Re: How do you get s/// to look inside variables in the replacement string?
by almut (Canon) on Nov 28, 2007 at 01:05 UTC

    One way would be to use double eval:

    #!/usr/bin/perl my $str = 'abc'; my $match = '(a)(.)'; my $repl = '$2$1'; $str =~ s/$match/"\"$repl\""/ee; print "$str\n"; # bac
      Thanks, that does exactly what I need.
Re: How do you get s/// to look inside variables in the replacement string?
by graff (Chancellor) on Nov 28, 2007 at 01:40 UTC
    Another way is a string eval:
    $s="abc"; $m="(a)(.)"; $r=qw/$2$1/; print "eval: \$s =~ s/$m/$r/"; eval "\$s=~s/$m/$r/"; print "\nresult: $s\n";
    Handy rule of thumb for getting the escapes and interpolations right in string evals: if the string prints out looking like the expression that you want to execute, then you've got it right.

    As for security concerns, it's a question of who the users are... I don't mind doing this sort of thing in a command-line shell program, because the users already have the ability to do all sorts of damage with other shell commands, and the reason they have login shell access is that they are trusted to avoid doing damage. (They'll make mistakes, but usually that just means the eval will fail with some sort of error message.)

    In a web service, of course, you need to be very careful, and should avoid string evals based on user input altogether.

Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?
Node Status?
node history
Node Type: perlquestion [id://653430]
Approved by almut
help
Chatterbox?
and the web crawler heard nothing...

How do I use this?Last hourOther CB clients
Other Users?
Others having a coffee break in the Monastery: (6)
As of 2024-09-09 04:55 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    No recent polls found

    Notices?
    erzuuli‥ 🛈The London Perl and Raku Workshop takes place on 26th Oct 2024. If your company depends on Perl, please consider sponsoring and/or attending.