From: Honza M. <hon...@ec...> - 2007-05-26 23:08:27
|
Hi Adam and Norbert, > Isn't that dangerous function? > Imagine something like {eval:return DB_PASSWORD} Exactly, very dangerous. This is the only reason, why we do not allow users/administrators to use PHP code in AA templates. I tried to find workaround for running PHP script safely long time ago, and didn't find any safe solution. However, there is runkit-sandboxing extension for PHP in version 5.1 (http://www.php.net/manual/en/runkit.sandbox.php), so now it is possible to write something like {eval...} safely. So Adam, if you want this functionality, please use this extension. Honza Norbert Brazda píše v So 26. 05. 2007 v 22:19 +0200: > Isn't that dangerous function? > Imagine something like {eval:return DB_PASSWORD} > > n. > > Adam Sanchez wrote: > > Hello to all > > > > I was trying to construct a eval function for the ActionApps with the > > objective to avoid to be constructing specific functions in item.php3 > > whenever I need one. I use the following syntax > > > > {eval:<php expresion>} > > > > With that purpose, I put in the file stringexpand.php3 the following code > > > > /*****************************************************************************************************/ > > elseif ( substr($out, 0, 4) == "eval" ) { > > $parts=split(":",$out); > > if (isset($debug)) huhl ("function eval is=",$parts[1]);// > > $valor = QuoteColons($level, $maxlevel, $parts[1]); > > $valor_eval=eval ($valor); > > return $valor_eval; > > } > > /*****************************************************************************************************/ > > > > The alias works well with simple expressions, like > > > > {eval:$a=5;return $a;} > > > > {eval:$a=5;$b=10;$c=$a+$b;return $c;} > > > > {eval: $b='{text...........5}';return $b;} > > > > > > but it leaves error to me when use native functions php > > > > {eval: $b=strtolower('{text...........5}');return $b;} > > > > the error that leaves > > > > Parse error: syntax error, unexpected T_CONSTANT_ENCAPSED_STRING in > > /home/asocam/public_html/apc-asocam/include/stringexpand.php3(774) : > > eval()'d code on line 1 > > > > when I use > > > > {eval: $b=5; $a=13; if ($b>$a) {return $b." es mayor";}else {return > > $a." es menor";}} > > > > the error that leaves > > > > Parse error: syntax error, unexpected T_STRING, expecting '(' in > > /home/asocam/public_html/apc-asocam/include/stringexpand.php3(774) : > > eval()'d code on line 1 > > > > Some idea to continue advancing? > > > > Regards, > > > > Adam > > > > ------------------------------------------------------------------------- > > This SF.net email is sponsored by DB2 Express > > Download DB2 Express C - the FREE version of DB2 express and take > > control of your XML. No limits. Just data. Click to get it now. > > http://sourceforge.net/powerbar/db2/ > > _______________________________________________ > > Apc-aa-coders mailing list > > Apc...@li... > > https://lists.sourceforge.net/lists/listinfo/apc-aa-coders > > > > > |