Hi,
I am a Perl CGI beginner. I am trying to construct perl statements to
do depending on user input, and interpret them at runtime using eval.
I execute these commands by writing
eval $commandString;
where $commandString is constructed as per user input.
if $commandString="simpleSubroutine();" my eval works well, but if
$commandString="notSoSimpleSubroutine(\"$string1\", \"$string2\");" my
eval bombs with the following message:
Insecure dependency in eval while running with -T switch at /var/www/
CGI/process.cgi line 92. Line 92 points to the line
eval $commandString;
Any pointers on what is going on? I have read about unsafe characters,
and tried the following:
$safeCommand=uri_escape($commandString);
eval $commandString;
(that does not work).
I have also tried substituting $string1 and $string2 with literals.
I.e., I tried
$commandString="notSoSimpleSubroutine(\"delta\", \"gamma\");"
and that works just fine. So I gathered that the eval could be bombing
because, perhaps variables ($string1 and $string2) above are not safe?
However, I need the flexibility of using $string1 and $string2.
Any workaround? Any help is greatly appreciated.
Thanks.
|
