http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=8015 --- Comment #128 from Jared Camins-Esakov <jcamins@cpbibliography.com> --- (In reply to Paul Poulain from comment #127)
Katrin, please reconsider your position = this improvement is very important for libraries, much more than a technical perlcritic violation. My opinion here is that we must decide that the user interest is more important than this single violation. (the law must serve us, we must not serve the law)
This is not a minor violation. As far as I can tell, there is unsanitized user input being run directly. Consider the following code: eval { $eval }; != eval $eval; my $r = q|/foo/fee/; print "hi";|; my @values = ("foo", "bar", "foobar"); for my $v ( @values ) { eval {"\$v =~ s$r"}; say $v; eval "\$v =~ s$r"; say $v; } Result: "hi" is printed by each eval. This example is fairly benign, but what if the regex were as follows: my $r = q|/whatever/something/; require C4::Context; $dbh = C4::Context->dbh; $dbh->do("DELETE FROM issues;")|; I was unable to test this example, since I couldn't get MARC modification templates to work during a cursory test, but I'm sure you see my point. -- You are receiving this mail because: You are watching all bug changes.