author | Andy Wermke <andy@dev.next-step-software.com> | 2013-04-05 13:49:32 +0200 |
---|---|---|
committer | Andy Wermke <andy@dev.next-step-software.com> | 2013-04-05 13:49:32 +0200 |
commit | fe245e5f5dbea1c18517471103185e04a52c89b3 (patch) | |
tree | a6b54472e7f4f3d599a059fc4265cd504ed5468c | |
parent | d67485bebe161c8c46ffe4852e4b4446910ed342 (diff) |
Replaced last eval(). Allowing function calls in expressions.
-rw-r--r-- | program/include/rcmail_output_html.php | 8 |
1 files changed, 1 insertions, 7 deletions
diff --git a/program/include/rcmail_output_html.php b/program/include/rcmail_output_html.php
index 3e0a4e674..772bdccf7 100644
--- a/program/include/rcmail_output_html.php
+++ b/program/include/rcmail_output_html.php
@@ -793,12 +793,6 @@ class rcmail_output_html extends rcmail_output
 * @param string Expression statement
 */
 protected function eval_expression ($expression) {
- // Prevent function calls in `expression`:
- $expression = str_replace("\n", "", $expression);
- if(preg_match('#\w+ \s* (/\* .* \*/)* \s* \(#ix', $expression))
- return false;
-
- // Evaluate expression:
 $expression = $this->parse_expression($expression);
 $fn = create_function('$app,$browser,$env', "return ($expression);");
 return $fn($this->app, $this->browser, $this->env);
@@ -854,7 +848,7 @@ class rcmail_output_html extends rcmail_output
 // show a label
 case 'label':
 if ($attrib['expression'])
- $attrib['name'] = eval("return " . $this->parse_expression($attrib['expression']) .";");
+ $attrib['name'] = $this->eval_expression($attrib['expression']);
 if ($attrib['name'] || $attrib['command']) {
 // @FIXME: 'noshow' is useless, remove? |
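Review bot: With the function-call filter removed from eval_expression(), the expression string reaches `create_function('$app,$browser,$env', "return ($expression);")` with only parse_expression() in front of it, and create_function() compiles its string body as PHP just as eval() does, so the code-execution sink remains under a different name. parse_expression() is outside this diff, so whether it limits what an expression may call cannot be confirmed from here; if it does not, anything that can put text into an `expression` template attribute decides which PHP code runs, and the second hunk routes the `label` case through the same path. The docblock should state that trust assumption, for example `* @param string Expression statement; compiled as PHP code, so it must only ever come from a trusted skin template`. If function calls in expressions are needed, an allowlist of permitted function names checked before the create_function() call would be a narrower change than dropping the check entirely. The closing brace of eval_expression() lies outside the hunk.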