summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAleksander Machniak <alec@alec.pl>2013-05-01 03:36:46 -0700
committerAleksander Machniak <alec@alec.pl>2013-05-01 03:36:46 -0700
commit06c2d0add5cd5d6bb531bba9480039e96f98f2a2 (patch)
tree27cc9827bf2942306e04a0300c9e39c765dec04b
parent969cb03f9a3aa9496da68cff53fedce79acc1071 (diff)
parentde6585eb771ef6a7e7a98c9a9b011da34cbf05b0 (diff)
Merge pull request #67 from andywer/master
Replaced nasty eval() code
-rw-r--r--program/include/rcmail_output_html.php38
1 files changed, 23 insertions, 15 deletions
diff --git a/program/include/rcmail_output_html.php b/program/include/rcmail_output_html.php
index d8996edbf..0fba66080 100644
--- a/program/include/rcmail_output_html.php
+++ b/program/include/rcmail_output_html.php
@@ -731,14 +731,13 @@ class rcmail_output_html extends rcmail_output
/**
* Determines if a given condition is met
*
- * @todo Get rid off eval() once I understand what this does.
* @todo Extend this to allow real conditions, not just "set"
* @param string Condition statement
* @return boolean True if condition is met, False if not
*/
protected function check_condition($condition)
{
- return eval("return (".$this->parse_expression($condition).");");
+ return $this->eval_expression($condition);
}
@@ -760,14 +759,11 @@ class rcmail_output_html extends rcmail_output
/**
- * Parses expression and replaces variables
- *
+ * Parse & evaluate a given expression and return its result.
* @param string Expression statement
- * @return string Expression value
*/
- protected function parse_expression($expression)
- {
- return preg_replace(
+ protected function eval_expression ($expression) {
+ $expression = preg_replace(
array(
'/session:([a-z0-9_]+)/i',
'/config:([a-z0-9_]+)(:([a-z0-9_]+))?/i',
@@ -779,14 +775,27 @@ class rcmail_output_html extends rcmail_output
),
array(
"\$_SESSION['\\1']",
- "\$this->app->config->get('\\1',rcube_utils::get_boolean('\\3'))",
- "\$this->env['\\1']",
+ "\$app->config->get('\\1',rcube_utils::get_boolean('\\3'))",
+ "\$env['\\1']",
"rcube_utils::get_input_value('\\1', rcube_utils::INPUT_GPC)",
"\$_COOKIE['\\1']",
- "\$this->browser->{'\\1'}",
+ "\$browser->{'\\1'}",
$this->template_name,
),
- $expression);
+ $expression
+ );
+
+ $fn = create_function('$app,$browser,$env', "return ($expression);");
+ if(!$fn) {
+ rcube::raise_error(array(
+ 'code' => 505,
+ 'type' => 'php',
+ 'file' => __FILE__,
+ 'line' => __LINE__,
+ 'message' => "Expression parse error on: ($expression)"), true, false);
+ }
+
+ return $fn($this->app, $this->browser, $this->env);
}
@@ -839,7 +848,7 @@ class rcmail_output_html extends rcmail_output
// show a label
case 'label':
if ($attrib['expression'])
- $attrib['name'] = eval("return " . $this->parse_expression($attrib['expression']) .";");
+ $attrib['name'] = $this->eval_expression($attrib['expression']);
if ($attrib['name'] || $attrib['command']) {
// @FIXME: 'noshow' is useless, remove?
@@ -971,8 +980,7 @@ class rcmail_output_html extends rcmail_output
// return code for a specified eval expression
case 'exp':
- $value = $this->parse_expression($attrib['expression']);
- return eval("return html::quote($value);");
+ return html::quote( $this->eval_expression($attrib['expression']) );
// return variable
case 'var':