From: Honza M. <hon...@ec...> - 2007-05-26 23:08:27
Hi Adam and Norbert,

> Isn't that a dangerous function?
> Imagine something like {eval:return DB_PASSWORD}

Exactly, very dangerous. This is the only reason why we do not allow
users/administrators to use PHP code in AA templates.

I tried to find a workaround for running PHP scripts safely a long time ago,
and didn't find any safe solution. However, there is the runkit sandboxing
extension for PHP in version 5.1
(http://www.php.net/manual/en/runkit.sandbox.php), so now it is possible
to write something like {eval...} safely. So Adam, if you want this
functionality, please use this extension.

Honza

Norbert Brazda wrote on Sat 26. 05. 2007 at 22:19 +0200:
> Isn't that a dangerous function?
> Imagine something like {eval:return DB_PASSWORD}
>
> n.
>
> Adam Sanchez wrote:
> > Hello to all
> >
> > I was trying to construct an eval function for ActionApps with the
> > objective of avoiding having to construct specific functions in item.php3
> > whenever I need one. I use the following syntax:
> >
> > {eval:<php expression>}
> >
> > For that purpose, I put the following code in the file stringexpand.php3:
> >
> > /*****************************************************************************************************/
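> > elseif ( substr($out, 0, 4) == "eval" ) {
> >     // $parts[1] is the segment after the first ':' in the alias
> >     $parts = split(":", $out);
> >     if (isset($debug)) huhl("function eval is=", $parts[1]);
> >     $valor = QuoteColons($level, $maxlevel, $parts[1]);
> >     // eval() executes this template-supplied text as PHP code
> >     $valor_eval = eval($valor);
> >     return $valor_eval;
> > }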
> > /*****************************************************************************************************/
> >
> > The alias works well with simple expressions, like
> >
> > {eval:$a=5;return $a;}
> >
> > {eval:$a=5;$b=10;$c=$a+$b;return $c;}
> >
> > {eval: $b='{text...........5}';return $b;}
> >
> >
> > but it gives me an error when I use native PHP functions
> >
> > {eval: $b=strtolower('{text...........5}');return $b;}
> >
> > the error it gives:
> >
> > Parse error: syntax error, unexpected T_CONSTANT_ENCAPSED_STRING in
> > /home/asocam/public_html/apc-asocam/include/stringexpand.php3(774) :
> > eval()'d code on line 1
> >
> > when I use
> >
> > {eval: $b=5; $a=13; if ($b>$a) {return $b." es mayor";}else {return
> > $a." es menor";}}
> >
> > the error it gives:
> >
> > Parse error: syntax error, unexpected T_STRING, expecting '(' in
> > /home/asocam/public_html/apc-asocam/include/stringexpand.php3(774) :
> > eval()'d code on line 1
> >
> > Any idea how to continue advancing?
> >
> > Regards,
> >
> > Adam
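
An added example, not part of the original thread or of the ActionApps code: one way to give template authors function calls without passing their text to eval() is an allowlist dispatcher. The `{call:name:arg}` alias form, the `expand_call` function and the `ALLOWED_CALLS` table are hypothetical, and the DB_PASSWORD value is constructed.

```php
<?php
// Added example: allowlist dispatcher in place of eval().
// The call:<name>:<arg> alias form and all names below are hypothetical.
define('DB_PASSWORD', 'constructed-secret'); // constructed sample value

// Template-visible name => [PHP function, exact number of arguments].
const ALLOWED_CALLS = [
    'lower' => ['strtolower', 1],
    'upper' => ['strtoupper', 1],
    'max'   => ['max', 2],
];

// Expands "call:<name>:<arg>[:<arg>...]"; returns null when refused.
function expand_call(string $alias): ?string
{
    $parts = explode(':', $alias);
    if (count($parts) < 3 || $parts[0] !== 'call') {
        return null;
    }
    $name = $parts[1];
    $args = array_slice($parts, 2);   // ':' inside an argument is not supported
    if (!array_key_exists($name, ALLOWED_CALLS)) {
        return null;                  // not on the allowlist
    }
    [$function, $arity] = ALLOWED_CALLS[$name];
    if (count($args) !== $arity) {
        return null;                  // wrong argument count
    }
    // Arguments are passed as plain strings and never parsed as PHP.
    return (string) $function(...$args);
}

// Constructed sample aliases, including the shape Norbert warns about.
$samples = [
    'call:lower:Hello World',
    'call:max:5:13',
    'call:constant:DB_PASSWORD',      // function not allowlisted
    'call:lower:return DB_PASSWORD;', // treated as text, never executed
];
foreach ($samples as $alias) {
    $result = expand_call($alias);
    echo $alias, ' => ', $result === null ? '[refused]' : $result, "\n";
}
```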