- # evaluate <<perl-code>>
- while ($htmldoc =~ /<<(.+?)>>/s) {
- local $pc = $1;
- local $__ = '';
- tie *STDOUT => "Buffer",\$__;
- $__ .= eval $pc;
- untie *STDOUT;
- $dynamic = $htmldoc =~ s/<<(.+?)>>/$__/s;
- };
+ # evaluate <<perl-code>> or <<<perl-code>>>
+ {
+ local $timeout = '';
+ local $SIG{ALRM} = sub { $timeout = '<h3>TIMEOUT!</h3>' };
+ alarm(10);
+ while ($htmldoc =~ /<<(.+?>?)>>/s) {
+ local $pc = $1;
+ if ($pc =~ s/^<(.+)>$/$1/) {
+ # eval code without output substitution
+ eval('package DOP;' . $pc);
+ last if $timeout;
+ $dynamic = $htmldoc =~ s/<<<(.+?)>>>//s;
+ } else {
+ # eval code with output substitution
+ local $__ = '';
+ local $^W = 0;
+ tie *STDOUT => "Buffer",\$__;
+ my $r .= eval('package DOP;' . $pc);
+ $__ .= $r if $pc !~ /;\s*$/;
+ untie *STDOUT;
+ last if $timeout;
+ $dynamic = $htmldoc =~ s/<<(.+?)>>/$__/s;
+ }
+ }
+ alarm(0);
+ $dynamic = $htmldoc =~ s/<<(.+?>?)>>/$timeout/sg if $timeout;
+ }