On 25 May 2016 21:03, "Father Chrysostomos via RT" wrote:
On Wed May 25 16:33:50 2016, trizenx@gmail.com wrote:
On Wed May 25 15:55:20 2016, sprout wrote:
On Wed May 25 15:42:20 2016, trizenx@gmail.com wrote:
Code simplified to:

### BEGIN-CODE ###

(?{ print "hi\n" })


### END-CODE ###
I don‘t see what the bug is here. The empty pattern re-uses the last
successful match.
I never heard of this behavior before. Is this officially documented?
perl.git$ ack 'last successful' pod
7436:interpretation as the last successful match.

2078:evaluates to the empty string, the last successfully executed regular

1559:the regexp in the I<last successful match> is used instead. So we
Personally, I see it as a security issue. For example, consider the
following artificial scenario:

### BEGIN-CODE ###

/(?{ print "sending money\n" })/x;

print "Insert regex: ";
chomp(my $regex = <STDIN>); # just press ENTER
/\Q$regex/; # will send money again

### END-CODE ###
You have to use (?:) in cases like that:

/(?{ print "sending money\n" })/x;

print "Insert regex: ";
chomp(my $regex = <STDIN>); # just press ENTER
/(?:\Q$regex\E)/; # will send money again
If a user inserts a regular expression that happens to coincide with
the last regular expression that successfully matched, but also
executed some code in (?{}), the same code will be executed again,
which is something that I don't think it should happen.
Neither do I (at least with /$foo/; with // it should stay as it is), but
it is hard to change this because of backward compatibility.

Fwiw i dont buy the back compat argument on this one. I have never seen
this feature deliberately used, most people are unaware of it and when they
discover it they consider it a bug like in this thread. In fact the only
time I have seen it used is in toy code that I wrote to demonstrate the
feature. I am convinced that nobody would notice and that the *many* issues
that have come from it over the years justifies removing it entirely.
That’s a separate issue from your original post. If you want to continue
discussing this particular point, please open a new ticket.

I agree. But feel free to quote my opinion on it when you do.


Search Discussions

Discussion Posts


Follow ups

Related Discussions

Discussion Navigation
viewthread | post
posts ‹ prev | 10 of 16 | next ›
Discussion Overview
groupperl5-porters @
postedMay 23, '16 at 5:48p
activeMay 30, '16 at 9:13p



site design / logo © 2022 Grokbase