oracular (3) String::Interpolate.3pm.gz
NAME
String::Interpolate - Wrapper for builtin the Perl interpolation engine.
SYNOPSIS
# Functional interface
use String::Interpolate qw( safe_interpolate interpolate );
our($GREET) = 'Hello'; # Cannot be lexical
print interpolate( '$GREET $1\n', [ 'world' ] );
# Object interface
use String::Interpolate;
my $who;
my $template = String::Interpolate->new( { WHO => \$who } );
$template->{TIME} = sub () { localtime }; # Tie $TIME to localtime()
$template->( [ qw( now it ) ] ); # Set $1, $2
$template->[3] = 'is'; # Sets $3
$who = 'old friend';
$template->( '$REV{olleH} $WHO, $2 $3 $1 $TIME$_' ); # Set string to process
$template->{REV} = sub { reverse @_ }; # Tie %REV to reverse()
$_ = '.';
print "$template\n"; # Perform interpolation
# Peform the interpolation in a Safe compartment.
my $replace = safe String::Interpolate '\u\L$1';
my $search = qr/(\w+)/;
$_ = "HELLO world\n";
s/$search/$replace/eg; # /e suppresses optimisation
print;
DESCRIPTION
"String::Interpolate" provides a neat interface to the solution to that perenial Perl problem - how to
invoke the Perl string interpolation engine on a string contained in a scalar variable.
A "String::Interpolate" object encapsulates a string and a context in which it should be subjected to
Perl interpolation. In the simplest, default, case the context is simply the namespace (package) from
which the constructor was called.
A "String::Interpolate" object may hold a reference to an array and hashes that will be used to populate
the special variables $1 etc and some package variables respectively prior to each interpolation.
In general special globally global variables such as $_ can be used in the interpolation, the exception
being @_ which is always empty during the interpolation.
The interpolated string is processed with strictures and warnings enabled excluding 'strict vars' and
'warnings uninitialized' so that interpolating undefined variables will be silently ignored. This
behaviour can be altered using the pragma() method.
Because the Perl string interpolation engine can call arbitrary Perl code you do not want to want to use
it on strings from untrusted sources without some precautions. For this reason "String::Interpolate"
objects can be made to use "Safe" compartments. This is, of course, only as safe as Safe and you are
advised to read "WARNING" section of the Safe documentation.
When interpolating in a Safe compartment package symbols are imported using tied wrapper variables so
that their values cannot be interpreted as references and such that they cannot be used to alter the
values outside the compartment. This behaviour can be suppressed by the unsafe_symbols() method. Note
that if you want to import tied variable or variables containing references to objects that use
overloading into a Safe compartment then you will need to do a lot of fancy footwork unless you use
safe_hole() method.
By default *_ is shared by Safe compartments and could potentially allow the compartment to leak. The $_
and %_ variables are therefore subjected to the same similar precautions to imported symbols. This
behaviour can be suppressed using the unsafe_underscore() method.
Perl string interpolation can, of course, throw exceptions. By default String::Interpolate objects do
not catch (or rethrow) these exceptions when working in a simple namespace and do trap them when working
in a Safe compartment. This behaviour can be overridden by the trap() or pragma() methods. If an
exception during interpolation is trapped then undef will be returned as the result of the interpolation
and $@ will hold the exception in the usual way.
When taint checking enabled, attempting to perform interpolation (using eval()) on a tainted string would
naturally fail. However, when using a Safe compartment, String::Interpolate will strip the tainting off
of the string prior to interpolation and put it back afterwards. Also String::Interpolate will taint any
arguments passed to callback functions called as the result of performing interpolation on a tainted
string. Note that due to the mechanism used to assign $1 et al they can never be tained even if the
values in the array being used to set them are tainted.
By default "String::Interpolate" does not export any subroutines but as a concession to programmers who
prefer not to explicitly use objects the functions interpolate() and safe_interpolate() are exportable.
Principle methods
new Simple constructor. Creates a empty String::Interpolate object bound to the caller's namespace and
then modifies the object by passing any arguments to the exec() method. Returns a the object.
If called as an instance method new() clones the object. Be aware, however, that this is a shallow
cloning and if array or hash reference arguments have been passed to the object the parent and clone
will continue to use the same array or hashes until one or other is passed a new argument.
Most of the other methods in String::Interpolate will implicitly call new() if called as class
methods.
safe
Alternative constructor to create a String::Interpolate object that uses an automatically allocated
temporary Safe compartment. The automatically allocated Safe compartment will have the default
opcode mask but with the 'bless' opcode denied as this can be used to execute code outside the
compartment by putting it in DESTROY methods. The 'tie' opcode is also denied although I'm not sure
if it really can be exploited in this way. There is no point explicitly passing a package or
existing safe compartment to this constructor as it will be ignored.
The argument list is passed to exec() as in new().
The safe() method can also be called on an existing object in which case it instructs the object to
forget its current Safe compartment or namespace and use an automatically allocated temporary Safe
compartment henceforth.
exec
This it the guts of the implementation but it it rarely needs to be called explicitly as it can be
more elegantly called implicitly by using the String::Interpolate object in a string or CODE
reference context. The following are equivalent pairs:
my $interpolated_string = $interpolate_object->exec;
my $interpolated_string = "$interpolate_object";
my $interpolated_string = $interpolate_object->exec(LIST);
my $interpolated_string = $interpolate_object->(LIST);
The exec() method modifies the object according the argument list. Then, if called in a non-void
context, returns the result of the interpolation. Note that the modifications are persistent. This
persistence can be avoided by creating a transient clone using the new() method.
my $string = $inter->(LIST); # $inter changed
my $string = $inter->new->(LIST); # $inter unchanged
Also, if exec() is called as a class method then it acts on a temporary String::Interpolate object
which is immediately destroyed.
The elements of the argument list are interpreted according to their type as listed below. If this
mechanism does not provide sufficient flexibility in manipulating the symbol table you can, of
course, manipulate it directly too.
ARRAY reference
Tells the object to use this array to populate the special variables $1 and so on. The object
holds a reference to the array itself and will use the values that are in the array at the time
of interpolation. This ARRAY reference is exposed via the positionals() method. The array can
also be modified by using the String::Interpolate object in an ARRAY reference context. Note,
however, that the String::Interpolate object used in an ARRAY reference context does not refer to
the array itself but to a STORE-only tied array whose subscripts are offset by one such that
$interpolate_object->[1] corresponds to $interpolate_object->positionals->[0] and hence the value
that will be interpolated for $1.
HASH reference
Tells the object to use this hash to populate some package variables immediately prior to each
interpolation. The object holds a reference to the hash itself and will use the values that are
in the hash at the time of interpolation.
After the object has been instructed to populate package variables in this way it will no longer
default to using the namespace from which the constructor was called and will instead auto-
allocate a temporary one unless told to do otherwise.
If multiple hash reference arguments are specified in a single call to exec() then each hash in
turn will be processed prior to each interpolation. However, whenever a exec() is passed one or
more hash references it forgets any previous hashes and deletes any auto-allocated temporary
package or safe compartment.
The keys of the hash should be unqualified Perl identifiers that will determine the entries in
the package symbol to be modified. Which slot in the symbol table entry is modified is
determined by the values' types as follows:
ARRAY reference
Set the symbol table entry's ARRAY slot.
HASH reference
Set the symbol table entry's HASH slot.
SCALAR reference
Set the symbol table entry's SCALAR slot.
CODE reference with prototype ()
Set the symbol table entry's SCALAR slot to point to an new tied scalar with a FETCH method
that calls the referenced code.
Note that if interpolation is taking place inside a Safe compartment the callback will, by
default, simply be called from within the compartment. The callback code will execute with a
false symbol table root so it will not be able to use any packages from the real symbol table
root. This limitation can be overcome by using the safe_hole() method.
CODE reference with prototype ($) or no prototype
Set the symbol table entry's HASH slot to point to an new tied hash with a FETCH method that
calls the referenced code.
See above for limitations if the callback is called from interpolation taking place in a Safe
compartment.
The argument passed to the callback will be stringified. It may seem like a nice idea to be
able to pass multiple arguments using an ARRAY reference but unfortunately this could open up
security problems when passing arguments out of a Safe compartment via a Safe::Hole.
Anything else
Set the symbol table entry's SCALAR slot to point scalar containing the value.
Note that since the String::Interpolate object stores a reference to the hash and updates the
symbol table prior to each interpolation, changes in the hash will be reflected in subsequent
interpolations. However, if items in the hash are deleted or changed to a different type then
the previously created symbol table entries may persist. This can be overcome by calling the
safe() or package() methods.
To simplify modifying the hash, a String::Interpolated object used in a HASH reference context
will return a reference to the last hash argument passed to object, implicitly calling exec({})
first if necessary.
my %h = ( A => 1 );
my $i = String::Interpolate->new( \%h );
$i->{B} = 2; # $h{B} = 2
GLOB or GLOB reference
Instruct the object to perform interpolation in the namespace defined by the GLOB. For example
the argument *Q:: would mean that the string should be interpolated in the context of the package
Q. The trailing '::' may be omitted.
Passing a package argument to the object causes it to stop using a Safe compartment if it
previously was doing so. If you want safe execution in a specific namespace then you need to
explicitly constuct Safe object bound to the given namespace and pass that.
Once a String::Interpolate object has been explicitly bound to a namespace it will continue to
use that namespace even if the String::Interpolate object has been (or is subsequently) passed a
hash reference argument. In this case the symbols will be created/updated in the namespace prior
to each interpolation and will persist afterwards.
See also the package() method.
Safe object
Instruct the object to perform interpolation in the given Safe compartment. Passing a Safe
object argument to the String::Interpolate object causes it to stop using a specified namespace
if it previously was doing so. If you choose to pass an explicit Safe object you should deny the
'bless' and 'tie' opcodes for the reasons discussed under the safe() method.
Once a String::Interpolate object has been explicitly bound to a Safe object it will continue to
use that object even if the String::Interpolate object has been (or is subsequently) passed a
hash reference argument. In this case the symbols will be created/updated in the namespace
associated with the Safe object prior to each interpolation and will persist afterwards.
See also the safe() method.
Safe::Hole object
Equivalent to calling the safe_hole() method with the same argument.
SCALAR reference
The referenced scalar is passed to the pragma() method.
Anything else
Use the stringified value of the argument as the string on which to perform interpolation.
Functional interface
For those heathens who don't like the OO interface.
safe_interpolate
Exportable function equivalent to String::Interpolate->safe->exec(LIST).
interpolate
Exportable function equivalent to String::Interpolate->lexicals->exec(LIST).
Ancillary methods
The following methods provide alternative interfaces and some fine tuning capabilities.
trap
Tells the String::Interpolate object whether or not to trap exceptions.
$i->trap; # Enable trapping
$i->trap(1); # Enable trapping
$i->trap(0); # Disable trapping
Returns the object so that it can be tagged on to constructor calls.
my $i = String::Interpolate->safe->trap(0);
If the trap(0) method has not been called then trapping is enabled when using a Safe compartment.
unsafe_underscore
Tells the String::Interpolate object whether or not to use "unsafe underscore" mode. In this mode no
precautions are taken to prevent malicious code attempting to reach outside it's Safe compartment
through the $_ and %_ variables.
$i->unsafe_underscore; # Enable unsafe underscore mode
$i->unsafe_underscore(1); # Enable unsafe underscore mode
$i->unsafe_underscore(0); # Disable unsafe underscore mode
Returns the object so that it can be tagged on to constructor calls.
unsafe_symbols
Tells the String::Interpolate object whether or not to use "unsafe symbol" mode. In this mode
variables are simply shared with the Safe compartment rather than being safely hidden behind
variables tied to blessed closures. The setting of this flag as no effect when not using a Safe
compartment.
$i->unsafe_symbols; # Enable unsafe symbol mode
$i->unsafe_symbols(1); # Enable unsafe symbol mode
$i->unsafe_symbols(0); # Disable unsafe symbol mode
Returns the object so that it can be tagged on to constructor calls.
lexicals
This feature is EXPERIMENTAL. Do not use it in real code.
Tells the String::Interpolate object whether or not to use the PadWalker module to import all lexical
variables from the calling context into the temporary package or Safe compartment. By default this
does not happen as it is conceptually ugly and quite expensive.
$i->lexicals; # Enable lexicals
$i->lexicals(1) # Enable lexicals
$i->lexicals(0); # Disable lexicals
Returns the object so that it can be tagged on to constructor calls.
my $i = String::Interpolate->safe->lexicals;
Enabling lexicals with a Safe compartment like this will give the code read-only access to all your
lexical variables.
Note that the lexicals used are those in scope at the final call that performs the interpolation, not
those in scope when the String::Interpolate object is constructed. Also you can't have your cake and
eat it. If you cannot use this feature at the same time as an explicit package or Safe compartment.
package
Instructs the String::Interpolate object to forget its current Safe compartment or namespace and use
the specified one henceforth. The package name can be specified as a string, a GLOB or a GLOB
reference. The trailing '::' may be omitted. With an undefined argument this method instructs the
object to use a new automatically allocated temporary namespace.
The package method Returns the object so that it can be tagged on to constructor calls. It can also
be used as a constructor.
my $i = String::Interpolate->package('Q'); # Use namespace Q::
$i->package; # Use temporary namespace
$i->package(*R); # Use namespace R::
$i->package(\*S::); # Use namespace S::
Note that the last two forms are not commonly used as GLOB or GLOB reference arguments passed to the
exec(), new() or methods are automatically passed on the the package() method.
safe_hole
Tells the String::Interpolate object whether or not to use a Safe::Hole object to wrap callbacks to
subroutines specified in the symbol mapping hash. Without a Safe::Hole eval(), symbolic references
and method calls in callbacks won't function normally.
my $i = String::Interpolate->safe->safe_hole;
# Without a Safe::Hole Wibble::wobble() would be inaccessible
$i->{FOO} = sub () { Wibble->wobble };
This feature only makes sense when evaluating in a Safe compartment and you can only use it if you
have the Safe::Hole module installed.
$i->safe_hole; # Enable use of Safe::Hole
$i->safe_hole(1); # Enable use of Safe::Hole
$i->safe_hole(0); # Disable use of Safe::Hole
$i->safe_hole($hole); # Use the Safe::Hole object $hole
This method can also be called implicitly as follows.
$i->(\'SAFE HOLE'); # Enable use of Safe::Hole
$i->(\'NO_SAFE_HOLE'); # Disable use of Safe::Hole
$i->($hole); # Use the Safe::Hole object $hole
The safe_hole() method returns the object so that it can be tagged on to constructor calls.
pragma
Specify various options including Perl code to be complied in a BEGIN{} block prior to compiling the
string to be interpolated. When working in a Safe compartment, what you can do here is, of course,
highly limited. In practice this is only useful for calling the import() an unimport() methods on
the warnings and strict modules.
For the most commonly used values, to control the handling of interpolating undefined values, the
following shorthands can also be used:
NOWARN => 'unimport warnings qw(uninitialized)'
WARN => ''
FATAL => 'import warnings FATAL => qw(uninitialized); import strict qw(vars)'
The default state for a newly created String::Interpolate object is NOWARN. All other warnings are
enabled as are 'refs' and 'subs' strictures.
You can call pragma() implicitly by passing SCALAR references to exec(). Furthermore pragma('TRAP')
is a synonym for trap(1) and pragma('NO TRAP') is a synonym for trap(0). Similarly for lexicals(),
unsafe_symbols(), unsafe_underscore() and safe_hole(). This makes the following statements
equivalent:
$i->(\'FATAL',\'NO TRAP',\'SAFE SYMBOLS');
$i->pragma('FATAL','NO_TRAP','NO UNSAFE_SYMBOLS');
$i->pragma('FATAL')->trap(0)->unsafe_symbols(0);
The pragma() method returns the object so that it can be tagged on to constructor calls.
positionals
Returns, as an lvalue, the reference to the array that holds the values to use for the positional
variables $1 and so on.
my @p = qw ( one two three );
my $i = String::Interpolate->new( \@p );
$i->positionals->[1] = "TWO"; # $p[1] = "TWO";
$i->positionals = [ qw ( X Y ) ]; # Forget @p, use anon array
undef $i->positionals; # $1 etc. inherted from caller
SEE ALSO
String::Interpolate::Shell, String::Interpolate::RE, String::Expand, String::MatchInterpolate.
REPOSITORY
<https://github.com/neilb/String-Interpolate>
AUTHOR
Created by Brian McCauley, currently maintained by Neil Bowers <neilb@cpan.org>
COPYRIGHT AND LICENSE
This software is copyright (c) 2002 by Brian McCauley.
This is free software; you can redistribute it and/or modify it under the same terms as the Perl 5
programming language system itself.