From:	dylanthomasfan	Date:	Sun Apr 13 08:12:40 2008
Subject:	Insecure dependency in eval message

Hi,

I am a Perl CGI beginner. I am trying to construct perl statements to
do depending on user input, and interpret them at runtime using eval.
I execute these commands by writing

eval $commandString;

where $commandString is constructed as per user input.

if $commandString="simpleSubroutine();" my eval works well, but if
$commandString="notSoSimpleSubroutine(\"$string1\", \"$string2\");" my
eval bombs with the following message:

Insecure dependency in eval while running with -T switch at /var/www/
CGI/process.cgi line 92. Line 92 points to the line
eval $commandString;

Any pointers on what is going on? I have read about unsafe characters,
and tried the following:

$safeCommand=uri_escape($commandString);
eval $commandString;
(that does not work).

I have also tried substituting $string1 and $string2 with literals.
I.e., I tried
$commandString="notSoSimpleSubroutine(\"delta\", \"gamma\");"
and that works just fine. So I gathered that the eval could be bombing
because, perhaps variables ($string1 and $string2) above are not safe?
However, I need the flexibility of using $string1 and $string2.

Any workaround? Any help is greatly appreciated.

Thanks.