Re: use re 'eval' error

2008-10-23 Thread Aristotle Pagaltzis 
* Louis-David Mitterrand [EMAIL PROTECTED] [2008-10-23 13:55]:
 What is the fix?

You have to patch Text::Markdown to add that line to the block
the regex is in. I see you have already filed a bug against
Text::Markdown, excellent.

Regards,
-- 
Aristotle Pagaltzis // http://plasmasturm.org/
___
Markdown-Discuss mailing list
Markdown-Discuss@six.pairlist.net
http://six.pairlist.net/mailman/listinfo/markdown-discuss

Re: use re 'eval' error

2008-10-23 Thread Tomas Doran 


On 23 Oct 2008, at 19:55, Louis-David Mitterrand wrote:


On Thu, Oct 23, 2008 at 05:11:27PM +0200, Aristotle Pagaltzis wrote:
* Louis-David Mitterrand vindex+lists-markdown- 
[EMAIL PROTECTED] [2008-10-23 13:55]:

What is the fix?


You have to patch Text::Markdown to add that line to the block
the regex is in. I see you have already filed a bug against
Text::Markdown, excellent.


Wouldn't a better fix be to remove the vulnerability from the regex?

In other words isn't use re 'eval'; weakening the module's security?


In this case, no, it isn't - as the string being interpolated into  
the regex is another (static) chunk of pre-compiled regex.


I've released Text::Markdown 1.0.22 this evening, which corrects  
this, and another bug.


Cheers
t0m

___
Markdown-Discuss mailing list
Markdown-Discuss@six.pairlist.net
http://six.pairlist.net/mailman/listinfo/markdown-discuss