Jozef Kutej <jo...@kutej.net> writes: > Ansgar Burchardt wrote: >> A YAML file can call constructors for all loaded modules? That would > > no, not constructors, there is even no way of knowing what is the name > of constructor, but even just by loading a module it is code > execution. mostly the code that makes the initialization and > import().
That can still result in interesting behaviour together with overloading. For example the attached program will access the Internet and the value of $data->{foo}->{content} can change between the two print statements (influenced by whoever operates the server). This just waits for somebody to find a way to abuse this... Regards, Ansgar
#! /usr/bin/perl package Foo; use overload '%{}' => \&f; use LWP::Simple; sub new { bless shift; } sub f { my $self = shift; bless $self, 'overload::dummy'; my $content = get($self->{url}); bless $self, 'Foo'; return { content => $content }; } 1; package main; use YAML::Syck; my $foo = Foo::new { url => "http://www.google.com/" }; my $data = LoadFile(\*DATA); # validate data print $data->{foo}->{content}; # now do something with the validated data print $data->{foo}->{content}; 1; __DATA__ --- foo: !perl/Foo url: http://www.example.org/