Raku / old-issue-tracker

Tickets from RT
https://github.com/Raku/old-issue-tracker/issues

.EVAL as a method call bypasses the MONKEY-SEE-NO-EVAL pragma #5468

Open p6rt opened 7 years ago

p6rt commented 7 years ago

Migrated from rt.perl.org#128684 (status was 'open')

Searchable as RT128684$

p6rt commented 7 years ago

From @zoffixznet

The EVAL as a sub shows an error message about MONKEY-SEE-NO-EVAL:

m: my $x = 'say "hello"'; EVAL "$x"

rakudo-moar 58dc8c: OUTPUT«===SORRY!=== Error while compiling \␤EVAL is a very dangerous function!!! (use MONKEY-SEE-NO-EVAL to override,␤but only if you're VERY sure your data contains no injection attacks)␤at \:1␤------> my $x = 'say "hello"'; EVAL "$x"…»

However, if the method form of EVAL is used, no such error is generated:

m: my $x = 'say "hello"'; "$x".EVAL

rakudo-moar 58dc8c: OUTPUT«hello␤»

Expected behaviour: both versions show the error.

-- Cheers, ZZ | https://twitter.com/zoffix
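A reviewer's check for the gap reported above, as an added example that is not part of the original ticket or of Rakudo's own code: since the compiler does not flag the method form, this Python script scans Raku source for `.EVAL` method calls and records whether `use MONKEY-SEE-NO-EVAL` appeared earlier in the file. The function names, the line-by-line quote and comment handling, and treating the pragma as file-wide rather than lexically scoped are assumptions of this example.

```python
import re

# Method form, e.g. "$x".EVAL or $code.EVAL(...); .EVALFILE is not matched.
METHOD_EVAL = re.compile(r"\.EVAL(?!\w|-[A-Za-z_])")
PRAGMA = re.compile(r"^\s*use\s+MONKEY-SEE-NO-EVAL\b")

def visible_code(line):
    """Cut a trailing # comment and blank single-quoted literals. Double-quoted
    text stays, since Raku interpolates method calls such as $x.EVAL() there."""
    out, quote, i = [], None, 0
    while i < len(line):
        ch = line[i]
        if quote and ch == "\\" and i + 1 < len(line):  # escaped character
            out.append("  " if quote == "'" else line[i:i + 2])
            i += 1
        elif quote:
            out.append(" " if quote == "'" and ch != quote else ch)
            quote = None if ch == quote else quote
        elif ch == "#":
            break
        else:
            out.append(ch)
            quote = ch if ch in "'\"" else None
        i += 1
    return "".join(out)

def find_method_evals(source):
    """Return (line_number, pragma_seen_above, code) per method-form EVAL."""
    hits, pragma_seen = [], False
    for number, raw in enumerate(source.splitlines(), start=1):
        code = visible_code(raw)
        pragma_seen = pragma_seen or bool(PRAGMA.match(code))
        if METHOD_EVAL.search(code):
            hits.append((number, pragma_seen, code.strip()))
    return hits

# Constructed sample; lines 1 and 2 are the two snippets from the report.
SAMPLE = '''my $x = 'say "hello"'; EVAL "$x";
my $y = 'say "hello"'; "$y".EVAL;
say 'docs mention .EVAL here';   # and .EVAL in a comment
my $z = "$y.EVAL()";
use MONKEY-SEE-NO-EVAL;
$y.EVAL;
$y.EVALFILE;
'''

if __name__ == "__main__":
    for number, pragma, code in find_method_evals(SAMPLE):
        print(f"line {number}: pragma above={pragma}: {code}")
```

Hits where the pragma was not seen are the ones the sub form would have rejected at compile time; multi-line strings, heredocs and other quoting forms are outside what this line-based scan understands.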

p6rt commented 7 years ago

@coke - Status changed from 'new' to 'open'

ab5tract commented 1 year ago

We just ran into this again in discussion today. It's been working this way for so long that it's no longer clear whether it is unintentional or not.

Some weighing in from core devs on this could be useful.

lizmat commented 1 year ago

I'm afraid changing it in 6.c / 6.d would break too much code in the wild.

I wouldn't be against needing the pragma for 6.e.