use re 'eval' error

2008-10-23 Thread Louis-David Mitterrand
Hi,

I am trying to use Text::Markdown under HTML::Mason (mod_perl) and I get
this error when calling markdown(text):

Eval-group not allowed at runtime, use re 'eval' in regex m/
( # wrap whole match in $1
!\[
(.*?) # alt text = $2
\]
.../ at /usr/share/perl5/Text/Markdown.pm line 751.

Adding "use re 'eval';" to my startup.pl file didn't help.

What is the fix?

Thanks,

-- 
http://www.lesculturelles.net
___
Markdown-Discuss mailing list
Markdown-Discuss@six.pairlist.net
http://six.pairlist.net/mailman/listinfo/markdown-discuss


Re: use re 'eval' error

2008-10-23 Thread Aristotle Pagaltzis
* Louis-David Mitterrand <[EMAIL PROTECTED]> [2008-10-23 13:55]:
> What is the fix?

You have to patch Text::Markdown to add that line to the block
the regex is in. I see you have already filed a bug against
Text::Markdown, excellent.

Regards,
-- 
Aristotle Pagaltzis // 


Re: use re 'eval' error

2008-10-23 Thread Louis-David Mitterrand
On Thu, Oct 23, 2008 at 05:11:27PM +0200, Aristotle Pagaltzis wrote:
> * Louis-David Mitterrand <[EMAIL PROTECTED]> [2008-10-23 13:55]:
> > What is the fix?
> 
> You have to patch Text::Markdown to add that line to the block
> the regex is in. I see you have already filed a bug against
> Text::Markdown, excellent.

Wouldn't a better fix be to remove the vulnerability from the regex?

In other words isn't "use re 'eval';" weakening the module's security?

Thanks,

-- 
http://www.lesculturelles.net


Re: use re 'eval' error

2008-10-23 Thread Tomas Doran
On 23 Oct 2008, at 19:55, Louis-David Mitterrand wrote:
> On Thu, Oct 23, 2008 at 05:11:27PM +0200, Aristotle Pagaltzis wrote:
> > * Louis-David Mitterrand <[EMAIL PROTECTED]> [2008-10-23 13:55]:
> > > What is the fix?
> >
> > You have to patch Text::Markdown to add that line to the block
> > the regex is in. I see you have already filed a bug against
> > Text::Markdown, excellent.
>
> Wouldn't a better fix be to remove the vulnerability from the regex?
>
> In other words isn't "use re 'eval';" weakening the module's security?

In this case, no, it isn't - as the string being interpolated into
the regex is another (static) chunk of pre-compiled regex.

I've released Text::Markdown 1.0.22 this evening, which corrects
this, and another bug.

Cheers
t0m

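
Added example, not part of the thread and not Text::Markdown's code: a minimal Perl script showing the two points discussed above, that `use re 'eval'` is lexically scoped (enabling it in another block or file does not reach the match) and that it only matters when a run-time interpolated pattern contains a code block. The pattern strings and the `$ran` counter are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

our $ran = 0;    # incremented by the embedded code block when it executes

# Constructed sample: a pattern kept as a plain string that embeds a code
# block. Interpolating it into m// makes this a run-time pattern.
my $dynamic = '(?{ $main::ran++ })abc';

# 1. No pragma in scope: Perl refuses to compile the interpolated pattern.
my $ok = eval { 'abc' =~ /$dynamic/; 1 };
print "1. no pragma:        ", ( $ok ? "compiled\n" : "refused: $@" );

# 2. The pragma is lexical. Enabling it in some other block (or in another
#    file, such as a startup script) does not affect this match.
{ use re 'eval'; }
$ok = eval { 'abc' =~ /$dynamic/; 1 };
print "2. pragma elsewhere: ", ( $ok ? "compiled\n" : "refused: $@" );

# 3. Enabled in the block that contains the match: the pattern compiles and
#    the embedded code runs. Keep this scope as small as possible and only
#    interpolate patterns the program itself built.
{
    use re 'eval';
    $ok = eval { 'abc' =~ /$dynamic/; 1 };
}
print "3. pragma in scope:  ", ( $ok ? "compiled" : "refused" ), ", ran=$ran\n";

# 4. Text that is not a trusted pattern is interpolated with \Q...\E, so it
#    is matched literally and never parsed as a code block, even here.
my $untrusted = '(?{ $main::ran++ })';    # constructed input
{
    use re 'eval';
    my $before  = $ran;
    my $matched = ( "x $untrusted y" =~ /\Q$untrusted\E/ ) ? 1 : 0;
    printf "4. quoted input:     matched=%d, code executed=%s\n",
        $matched, ( $ran > $before ? 'yes' : 'no' );
}
```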