diff options
| author | Abigail <abigail@abigail.be> | 2010-01-06 18:19:11 +0100 |
|---|---|---|
| committer | Abigail <abigail@abigail.be> | 2010-01-06 18:19:11 +0100 |
| commit | 0b370c0a264633281d21c8cf13f698b896d74ce6 (patch) | |
| tree | 7efe210f87821156d371833211f4c8a58fe16305 /ext/re | |
| parent | 99cc5cc69e81e458dc4fa44238a666045699b2b8 (diff) | |
| download | perl-0b370c0a264633281d21c8cf13f698b896d74ce6.tar.gz | |
Document that interpolating a '(??{ code })' construct in a regular
expression also requires "use re 'eval'", just as '(?{ code })' does.
Diffstat (limited to 'ext/re')
| -rw-r--r-- | ext/re/re.pm | 8 |
1 files changed, 5 insertions, 3 deletions
diff --git a/ext/re/re.pm b/ext/re/re.pm index 570160150b..02393ce37b 100644 --- a/ext/re/re.pm +++ b/ext/re/re.pm @@ -203,11 +203,13 @@ other transformations. =head2 'eval' mode When C<use re 'eval'> is in effect, a regexp is allowed to contain -C<(?{ ... })> zero-width assertions even if the regular expression contains +C<(?{ ... })> zero-width assertions and C<(??{ ... })> postponed +subexpressions, even if the regular expression contains variable interpolation. That is normally disallowed, since it is a potential security risk. Note that this pragma is ignored when the regular expression is obtained from tainted data, i.e. evaluation is always -disallowed with tainted regular expressions. See L<perlre/(?{ code })>. +disallowed with tainted regular expressions. See L<perlre/(?{ code })> +and L<perlre/(?{ code })>. For the purpose of this pragma, interpolation of precompiled regular expressions (i.e., the result of C<qr//>) is I<not> considered variable @@ -216,7 +218,7 @@ interpolation. Thus: /foo${pat}bar/ I<is> allowed if $pat is a precompiled regular expression, even -if $pat contains C<(?{ ... })> assertions. +if $pat contains C<(?{ ... })> assertions or C<(??{ ... })> subexpressions. =head2 'debug' mode |