author | Andy Wermke <andy@dev.next-step-software.com> | 2013-04-04 16:08:53 +0200 |
committer | Andy Wermke <andy@dev.next-step-software.com> | 2013-04-04 16:08:53 +0200 |
commit | 029d18f13bcf01aa2f1f08dbdfc6400c081bf7cb (patch) | |
tree | 565bcc1e8ed96b60aaec9844a0d96afc57648f5a | |
parent | 511e1668e6f4a00818128e6b6c7dea0f75d33672 (diff) |
Replaced nasty eval() expressions.
-rw-r--r-- | program/include/rcmail_output_html.php | 35 |
1 files changed, 33 insertions, 2 deletions
diff --git a/program/include/rcmail_output_html.php b/program/include/rcmail_output_html.php
index 1290e173e..795c0b381 100644
--- a/program/include/rcmail_output_html.php
+++ b/program/include/rcmail_output_html.php
@@ -722,7 +722,7 @@ class rcmail_output_html extends rcmail_output
 */
 protected function check_condition($condition)
 {
- return eval("return (".$this->parse_expression($condition).");");
+ return $this->eval_expression($condition);
 }
@@ -773,6 +773,37 @@ class rcmail_output_html extends rcmail_output
 $expression);
 }
+ protected function eval_expression ($expression) {
+ return preg_replace_callback(
+ array(
+ '/session:([a-z0-9_]+)/i',
+ '/config:([a-z0-9_]+)(:([a-z0-9_]+))?/i',
+ '/env:([a-z0-9_]+)/i',
+ '/request:([a-z0-9_]+)/i',
+ '/cookie:([a-z0-9_]+)/i',
+ '/browser:([a-z0-9_]+)/i',
+ '/template:name/i',
+ ),
+ function($match) {
+ if(preg_match('/session:([a-z0-9_]+)/i', $match, $matches)) {
+ return $_SESSION[$matches[1]];
+ } else if(preg_match('/config:([a-z0-9_]+)(:([a-z0-9_]+))?/i', $match, $matches)) {
+ return $this->app->config->get($matches[1],rcube_utils::get_boolean($matches[3]));
+ } else if(preg_match('/env:([a-z0-9_]+)/i', $match, $matches)) {
+ return $this->env[$matches[1]];
+ } else if(preg_match('/request:([a-z0-9_]+)/i', $match, $matches)) {
+ return rcube_utils::get_input_value($matches[1], rcube_utils::INPUT_GPC);
+ } else if(preg_match('/cookie:([a-z0-9_]+)/i', $match, $matches)) {
+ return $_COOKIE[$matches[1]];
+ } else if(preg_match('/browser:([a-z0-9_]+)/i', $match, $matches)) {
+ return $this->browser->{$matches[1]};
+ } else if(preg_match('/template:name/i', $match, $matches)) {
+ return $this->template_name;
+ }
+ },
+ $expression);
+ }
+
 /**
 * Search for special tags in input and replace them
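Review bot: `check_condition` now returns whatever `eval_expression` returns, which per the method added in the next hunk is the string produced by `preg_replace_callback`, not an evaluated boolean. If any template condition combines a reference with operators (constructed example: `env:task == 'mail'`), the operator text is left untouched and the non-empty result is simply truthy, so such a condition can no longer evaluate to false; the removed `eval("return (...)")` did evaluate it. Either document the new contract on the method, `// Conditions must be a single source:name reference; its substituted value is used as the truth value`, or add a small evaluator for the `==`/`!=` forms instead of returning the substituted string. The templates this affects are not in the hunk, so the impact is inferred from the return type alone.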
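Review bot: The closure passed to `preg_replace_callback` in `eval_expression` receives the match array, so each `preg_match('/session:([a-z0-9_]+)/i', $match, $matches)` and its six siblings is given an array as the subject; PHP warns and returns null for that, no branch fires, the closure returns null, and every reference is replaced with an empty string. Add `$subject = $match[0];` as the first line of the closure and match against `$subject` in the seven `preg_match` calls (or dispatch on the captured prefix instead of re-matching). The lookups `$_SESSION[$matches[1]]`, `$this->env[$matches[1]]`, `$_COOKIE[$matches[1]]` and `$matches[3]` in the `config:` branch also raise undefined-index notices when the key is absent or the optional `(:...)?` group did not participate; an `isset($x[$k]) ? $x[$k] : null` guard per lookup avoids that. Using `$this` inside the closure needs PHP 5.4 or later; if the project still supports 5.3 a `$self = $this` capture is required (a version constraint I am inferring, so check the declared minimum).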
@@ -955,7 +986,7 @@ class rcmail_output_html extends rcmail_output
 // return code for a specified eval expression
 case 'exp':
 $value = $this->parse_expression($attrib['expression']);
- return eval("return html::quote($value);");
+ return html::quote( $this->eval_expression($attrib['expression']) );
 // return variable
 case 'var':
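Review bot: The assignment `$value = $this->parse_expression($attrib['expression']);` on the line above the replaced `return` is now dead, since `$value` is never read, and should be removed together with the `eval`. Passing the substitution result through `html::quote` is the right place to encode it, given that `request:` and `cookie:` references pull untrusted values into the output; if `rcube_utils::get_input_value` can return an array for a repeated parameter (not visible here), `html::quote` would receive a non-string and that case needs a guard. The `switch` containing this `case 'exp'` starts and ends outside the hunk.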