Re: subclassing, relationship, has_a problem patch, revisited

[prev] [thread] [next] [Date index for 2005/01/16]

On Sun, Jan 16, 2005 at 06:56:42PM +0000, Tony Bowden wrote:
> On Sun, Jan 16, 2005 at 06:12:42PM +0200, Aleksandr Guidrevitch wrote:
> > +use Storable ();
> > +$Storable::Deparse = $Storable::Eval = 1;
> 
> I don't really know Storable well enough. Is this a safe thing to do?
> What if people using Storable in other places want it to have other
> options?

I don't believe this is afe at all -

CODE REFERENCES
       Since Storable version 2.05, CODE references may be seri-
       alized with the help of B::Deparse. To enable this fea-
       ture, set $Storable::Deparse to a true value. To enable
       deserializazion, $Storable::Eval should be set to a true
       value. Be aware that deserialization is done through
       "eval", which is dangerous if the Storable file contains
       malicious data. You can set $Storable::Eval to a subrou-
       tine reference which would be used instead of "eval". See
       below for an example using a Safe compartment for deseri-
       alization of CODE references.

If you're going to force these options at all, the answer would be to do

local $Storable::Deparse = 1;
local $Storable::Eval = 1;

in a BLOCK created specifically for the Storable operation so that the local
declarations go out of scope and are removed immediately after the operation
is complete.

        -- 
        Bring me my etherkiller; Oh clouds unfold! / Bring me the magic smoke of desire
I shall not cease from mental fight / Nor shall my LART rest in my hand
Till we have buried the bodies / Of all the lusers in all this land
  -- rpg, ASR                        [ My homepage is http://www.trout.me.uk/ ]