From: <au...@in...> - 2007-01-26 00:01:02
Christian Weiske wrote:
> The current implementation makes it IMO not possible to close the hole
> fully.

Why not extract all function calls from the string and compare them with an array of allowed functions, e.g.:

    preg_match_all('/\s([A-Z0-9_]+)\(/i', $evalstr, $matches);
    if (array_diff($matches[1], $allowedFuncs)) {
        // denied function call
    }

I admit it is a bit quick and dirty (maybe "" enclosed strings should also be extracted from $evalstr first), but it should work, as I understand the problem...

Sören
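
Added example (not from the original message or the project): the same allow-list idea built on PHP's tokenizer instead of a regular expression, so function names inside string literals are not mistaken for calls and every token outside a small permitted set is rejected. The name checkEvalString, the allow list and the sample strings are assumptions, as is the premise that $evalstr holds a single PHP expression.

```php
<?php
// Added example; the allow list and sample strings are constructed.

// Returns the reasons $evalstr is rejected; an empty array means accepted.
function checkEvalString(string $evalstr, array $allowedFuncs): array
{
    $allowedFuncs = array_map('strtolower', $allowedFuncs);
    // Deny by default: only these token kinds and characters may appear.
    $okTokens = [T_LNUMBER, T_DNUMBER, T_CONSTANT_ENCAPSED_STRING, T_VARIABLE, T_STRING];
    $okChars  = ['(', ')', ',', '+', '-', '*', '/', '.'];

    // Prefix an open tag so the input is tokenized as code, then drop
    // the tag itself and all whitespace tokens.
    $sig = [];
    foreach (array_slice(token_get_all('<?php ' . $evalstr), 1) as $t) {
        if (!(is_array($t) && $t[0] === T_WHITESPACE)) {
            $sig[] = $t;
        }
    }

    $errors = [];
    foreach ($sig as $i => $tok) {
        $prev = $i > 0 ? $sig[$i - 1] : null;
        $next = $sig[$i + 1] ?? null;
        if (!is_array($tok)) {
            if (!in_array($tok, $okChars, true)) {
                $errors[] = "character not allowed: $tok";
            } elseif ($tok === '(' && ($prev === ')' || (is_array($prev) && $prev[0] !== T_STRING))) {
                // "(" after a variable, a literal or ")" is a dynamic call.
                $errors[] = 'dynamic call not allowed';
            }
        } elseif (!in_array($tok[0], $okTokens, true)) {
            $errors[] = 'token not allowed: ' . token_name($tok[0]);
        } elseif ($tok[0] === T_STRING
            && ($next !== '(' || !in_array(strtolower($tok[1]), $allowedFuncs, true))) {
            $errors[] = 'identifier not on allow list: ' . $tok[1];
        }
    }
    return $errors;
}

$allowed = ['strtoupper', 'substr'];
$samples = [
    'strtoupper(substr($name, 0, 3))', // allowed functions only
    "strtoupper('phpinfo()')",         // function name only inside a string literal
    'phpinfo()',                       // function not on the list
    '$fn($name)',                      // call through a variable
];
foreach ($samples as $s) {
    $errors = checkEvalString($s, $allowed);
    echo $s, ' => ', $errors ? implode('; ', $errors) : 'ok', "\n";
}
```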